Data leak at Clarity.fm exposes personal info of business leaders and celebs online

A database belonging to a San Francisco-based company been found leaking the personal information of over 121,000 business leaders online, including Mark Cuban, Eric Ries and Brad Field.

The data breach disclosed by cybersecurity researcher Jeremiah Fowler impacted Clarity.fm, an online platform that lets entrepreneurs and other professionals get on-demand expert advice from industry leaders and other niche specialists.

A total of 155,513 records, including 121,000 member profiles, were found in a non-password-protected database online.

Here’s an overview of the leaked information:

• Personal and professional email addresses
• Hourly rates and payments received in past consulting sessions
• Rating and score

Fowler said he immediately notified Clarity.fm about the breach and the database was secured within a couple of days of his responsible disclosure notice.

“Upon my discovery, I immediately sent a responsible disclosure notice, and the database was secured a few days later,” Fowler explained. “I received several automated replies, but no official response. It remains unclear how long the database was exposed for, or if anyone else gained access, as only an internal forensic audit could identify this information.”

What are the risks

To date, there is no evidence to suggest that threat actors had access to the unsecured data. However, given that business professionals, investors, or high-profile individuals with access to substantial funds make great targets for cybercriminals, this data breach should not be taken lightly.

The immediate risks for Clarity.fm members are targeted phishing campaigns and other social engineering schemes that could allow attackers to gain access to financial accounts and other sensitive information.

“Another potential risk is the growing trend of ​​CEO fraud, also known as Business Email Compromise (BEC),” Fowler noted. “This is a type of spear phishing email attack where the perpetrator impersonates the CEO in an attempt to deceive recipients into disclosing sensitive information or performing financial transactions. “

Cybercrooks could also leverage deepfake technology when deploying their phishing campaigns to maximize the success of their schemes and potential financial rewards.

Protecting your identity in the data breach pandemic

Data breaches, leaks and other privacy concerns make headlines every single day. Use Bitdefender Digital Identity Protection to stay on top of them and protect your identity, with:

· A complete view of your digital footprint (map out your digital footprint and online accounts)

· 24/7 data breach monitoring

· Real-time notifications if your data is found in any data breach

· Details reports and expert guidance

· Industry’s first Identity Protection Score to understand the extent of a breach and how it can directly affect your safety, privacy and finances