Hollywood Site Leaks Personal Data Of 260,000 Actors

Uploaded on 2020-07-30 in NEWS-Cybersecurity News, FREE TO VIEW

popular US online casting agency MyCastingFile.com has leaked a significant volume of private data belonging to more than 260,000 users. This website is used to cast US talent in movies and television shows. The company behind the site claims to have recruited talent for productions such as NCIS: New Orleans, True Detective, Pitch Perfect and the last instalment of the Terminator series, Terminator Genisys.

The records from over 260,000 users including personally identifiable information (PII) such as both physical and email addresses, phone numbers and sensitive information about distinguishing physical features.

In total, close to 10 million records were leaked, adding up to around 1GB in size.If referring to server records, it would appear the breach first originated on 31 May 2020 but has since been fixed by the company, following our disclosure. The site allows users to create what it calls “talent profiles” whereby users complete a detailed questionnaire including sensitive personal information including weight, height and ethnicity details.

The site also allows children under the age of 18 to use its services, thereby raising the level of cybersecurity required for child protection.

In its privacy policy, the website operator states that its services are reserved for adults only and that all under-18 accounts must be managed by parents, but does confirm that children’s private information is stored on the company’s server alongside adult profiles. The leak contained several pieces of information that could be weaponized by hackers to commit identity theft and fraud, across various establishments and organisations both private and public.

  • Leaked email addresses could be targeted by sending alternative personal information obtained from MyCastingFile and falsely presented to look like a legitimate response. The combined collection of data creates an engaging approach for hackers and can lead to click-throughs to unsecured websites, malware downloads and virus intrusions.
  • Photographs provided by users can be harnessed to conduct scams involving facial recognition such as identity fraud, as well as being used to create multiple illegitimate profiles, to carry out what’s known as “catfishing”, the act of luring someone into a relationship by means of a fictional online persona.

User photographs could be potentially compromising, therefore, creating severe anxiety and/or reputational damage for those affected by the breach. Moreover, availability of sensitive private information such as photographs, videos or even medical information, can all be leveraged by nefarious users to extort and blackmail their targets.

The fact that this breach occurred at a casting agency raises various industry-specific concerns such as famous actors being stalked and people being lured into harmful situations under the pretense of securing a major movie role.

Safety Detectives:       ZDNet:       NewZZ:       IDAgent


You Might Also Read: 

AI Can Turn Hollywood Stars Into Pornographic Actors:

 

« Vital Necessity Of Cloud Computing Highlights Security Risks
Women In Cyber Security Are Paid Much Less Than Men »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

baramundi software

baramundi software

baramundi software AG provides companies and organizations with efficient, secure, and cross-platform management of workstation environments.

Veeam

Veeam

Veeam is the leader in intelligent data management for the Hyper-Available Enterprise.

Communications Security Establishment (CSE)

Communications Security Establishment (CSE)

CSE is Canada's national cryptologic agency, providing the Government of Canada with IT Security and foreign signals intelligence (SIGINT) services.

Cybersecurity Association of Maryland (CAMI)

Cybersecurity Association of Maryland (CAMI)

CAMI’s mission is to create a global cybersecurity marketplace in Maryland and generate thousands of high-pay jobs through the cybersecurity industry.

Wüpper Management Consulting (WMC)

Wüpper Management Consulting (WMC)

Specialized in compliance, risk management and holistic information security WMC GmbH has longtime implementation experience in global projects.

Netsafe

Netsafe

Netsafe is an independent, non-profit New Zealand organisation focused on online safety. We help people stay safe online by providing online safety education, advice and support.

Repulsa

Repulsa

Repulsa provides state-of-the-art, patented, fast filtering with over 700 million malicious IP addresses and over 30 million categorized site listings updated daily.

TechBeacon

TechBeacon

TechBeacon.com is a digital hub by and for software engineering, IT and security professionals sharing practical and passionate guidance to real-world challenges.

GreyNoise Intelligence

GreyNoise Intelligence

GreyNoise Intelligence is a cyber security company that collects, labels, and analyzes Internet-wide scan and attack data.

Axitea

Axitea

Axitea designs, implements and develops the solutions best suited to its customers’ needs and their physical and cyber security requirements.

Quad9 Foundation

Quad9 Foundation

Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system's performance, plus, it preserves and protects your privacy.

Celera Networks

Celera Networks

Celera Networks is a managed services provider specializing in cybersecurity, cloud and managed IT services.

Finesse Global

Finesse Global

Finesse is a global system integration and digital business transformation company.

CaseMatrix

CaseMatrix

Discover a new era of legal intelligence with CaseMatrix. We identify potential class action cases arising from cyber incidents and data breaches.

Gutsy

Gutsy

Gutsy uses process mining to help organizations visualize and analyze their complex security processes to understand how they actually run, based on observable event data.

BTQ Technologies

BTQ Technologies

BTQ is a global quantum technology company focused on securing mission critical networks.