Hollywood Site Leaks Personal Data Of 260,000 Actors

Uploaded on 2020-07-30 in NEWS-Cybersecurity News, FREE TO VIEW

popular US online casting agency MyCastingFile.com has leaked a significant volume of private data belonging to more than 260,000 users. This website is used to cast US talent in movies and television shows. The company behind the site claims to have recruited talent for productions such as NCIS: New Orleans, True Detective, Pitch Perfect and the last instalment of the Terminator series, Terminator Genisys.

The records from over 260,000 users including personally identifiable information (PII) such as both physical and email addresses, phone numbers and sensitive information about distinguishing physical features.

In total, close to 10 million records were leaked, adding up to around 1GB in size.If referring to server records, it would appear the breach first originated on 31 May 2020 but has since been fixed by the company, following our disclosure. The site allows users to create what it calls “talent profiles” whereby users complete a detailed questionnaire including sensitive personal information including weight, height and ethnicity details.

The site also allows children under the age of 18 to use its services, thereby raising the level of cybersecurity required for child protection.

In its privacy policy, the website operator states that its services are reserved for adults only and that all under-18 accounts must be managed by parents, but does confirm that children’s private information is stored on the company’s server alongside adult profiles. The leak contained several pieces of information that could be weaponized by hackers to commit identity theft and fraud, across various establishments and organisations both private and public.

  • Leaked email addresses could be targeted by sending alternative personal information obtained from MyCastingFile and falsely presented to look like a legitimate response. The combined collection of data creates an engaging approach for hackers and can lead to click-throughs to unsecured websites, malware downloads and virus intrusions.
  • Photographs provided by users can be harnessed to conduct scams involving facial recognition such as identity fraud, as well as being used to create multiple illegitimate profiles, to carry out what’s known as “catfishing”, the act of luring someone into a relationship by means of a fictional online persona.

User photographs could be potentially compromising, therefore, creating severe anxiety and/or reputational damage for those affected by the breach. Moreover, availability of sensitive private information such as photographs, videos or even medical information, can all be leveraged by nefarious users to extort and blackmail their targets.

The fact that this breach occurred at a casting agency raises various industry-specific concerns such as famous actors being stalked and people being lured into harmful situations under the pretense of securing a major movie role.

Safety Detectives:       ZDNet:       NewZZ:       IDAgent


You Might Also Read: 

AI Can Turn Hollywood Stars Into Pornographic Actors:

 

« Vital Necessity Of Cloud Computing Highlights Security Risks
Women In Cyber Security Are Paid Much Less Than Men »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

F5 Networks

F5 Networks

F5 products ensure that network applications are always secure and perform the way they should—anywhere, any time, and on any device.

Encode

Encode

Encode delivers a cutting edge Security Analytics & Response Orchestration platform and best of breed Cyber Security Operations and Services.

CryptoTec

CryptoTec

CryptoTec is a provider of security concepts and encryption solutions for secure communication between decentralized computerized systems.

GreenWorld Technologies

GreenWorld Technologies

GreenWorld has a proven track record in industry leading IT asset management, secure data destruction and remarketing.

Beryllium InfoSec Collaborative

Beryllium InfoSec Collaborative

Beryllium InfoSec Collaborative is an information security and cyber security company with 40-plus years of experience across industry & government.

Secured Communications

Secured Communications

Secured Communications has developed the only unified secure communications platform trusted by public safety and counter terrorism professionals around the world.

eXate

eXate

eXate provides pioneering technology that empowers organisations to protect, control and manage their sensitive data centrally, providing a complete data privacy solution.

DKBInnovative

DKBInnovative

DKBinnovative is a best-practice driven IT management firm that provides secure, reliable IT solutions to productivity-focused clients around the globe.

NexGenT

NexGenT

NexGenT have combined military-style training with decades of network engineering and cyber security experience into an immersive program to get people into cyber security fast and effectively.

Traced

Traced

At Traced, our aim is to redefine mobile cyber security to provide the best possible protection to everyone against breaches of privacy and security.

Intersistemi Italia

Intersistemi Italia

Intersistemi is a leading Italian company in the field of information technology integration and digital transformation including cybersecurity.

F1 Security

F1 Security

F1 Security provides a family of web security solutions including web application firewalls, web shell detection solutions, and web shell scanners.

Sentrium Security

Sentrium Security

Sentrium is committed to helping organisations protect their technology, information and people. Our range of bespoke services provide solutions to tackle a broad range of cyber security challenges.

DoControl

DoControl

DoControl gives organizations the automated, self-service tools they need for SaaS applications data access monitoring, orchestration, and remediation.

North West Cyber Resilience Centre (NWCRC)

North West Cyber Resilience Centre (NWCRC)

The North West Cyber Resilience Centre is a trusted, not-for-profit venture between Greater Manchester Police and Manchester Digital.

Incognia

Incognia

Incognia have created a ubiquitous private identity based on location behavior, that enables a personalized frictionless experience with mobile apps and connected devices.