Hollywood Site Leaks Personal Data Of 260,000 Actors

A popular US online casting agency, MyCastingFile.com, has leaked a significant volume of private data belonging to more than 260,000 users. This website is used to cast US talent in movies and television shows. The company behind the site claims to have recruited talent for productions such as NCIS: New Orleans, True Detective, Pitch Perfect and the last instalment of the Terminator series, Terminator Genisys.

The records from over 260,000 users include personally identifiable information (PII) such as both physical and email addresses, phone numbers and sensitive information about distinguishing physical features.

In total, close to 10 million records were leaked, adding up to around 1GB in size. Going by the server records, it would appear the breach first originated on 31 May 2020 but has since been fixed by the company, following our disclosure. The site allows users to create what it calls “talent profiles”, whereby users complete a detailed questionnaire covering sensitive personal information, including weight, height and ethnicity details.

The site also allows children under the age of 18 to use its services, thereby raising the level of cybersecurity required for child protection.

In its privacy policy, the website operator states that its services are reserved for adults only and that all under-18 accounts must be managed by parents, but does confirm that children’s private information is stored on the company’s server alongside adult profiles.

The leak contained several pieces of information that could be weaponized by hackers to commit identity theft and fraud, across various establishments and organisations both private and public.

  • Leaked email addresses could be targeted with messages that include other personal information obtained from MyCastingFile, falsely presented to look like a legitimate response. The combined collection of data makes this approach more convincing for hackers and can lead to click-throughs to unsecured websites, malware downloads and virus intrusions.
  • Photographs provided by users can be harnessed to conduct scams involving facial recognition such as identity fraud, as well as being used to create multiple illegitimate profiles, to carry out what’s known as “catfishing”, the act of luring someone into a relationship by means of a fictional online persona.

User photographs could be compromising, creating severe anxiety and/or reputational damage for those affected by the breach. Moreover, the availability of sensitive private information such as photographs, videos or even medical information can be leveraged by nefarious users to extort and blackmail their targets.

The fact that this breach occurred at a casting agency raises various industry-specific concerns such as famous actors being stalked and people being lured into harmful situations under the pretense of securing a major movie role.

Sources: Safety Detectives, ZDNet, NewZZ, IDAgent

