One of the world’s largest ORM platforms, Reputation.com, accidentally exposed 120 million logs (320GB) of internal systems without authorization. The leak included session cookies that could potentially allow attackers to hijack social media accounts of hundreds of top companies, including US Bank, Ford, GM, BMW dealers, and other Fortune 500 brands. The incident has not been closed yet.
A huge array of logs was exposed without any access systems: anyone could log in and extract session tokens and internal data.
The logs recorded:
Session cookies with access rights
Access keys to social networks and corporate tools
Company and user IDs
Logs of interaction with systems
Risks:
Hijacking of Facebook, Instagram, LinkedIn, X, Google Business accounts
Publishing fake posts on behalf of brands
Sabotaging marketing campaigns and PR
Manipulating reviews, analytics and customer support
The company does not respond to messages, the leak is still active.
Reputation.com is a key player in the field of online reputation and customer experience management, working with the corporate sector: auto, retail, healthcare, banking. The platform manages social networks, reviews, business listings and customer communications – which makes such a leak especially dangerous.
Such incidents usually fall under GDPR / CCPA, require token rotation, IP access restrictions and immediate SOC response.
This is one of the largest corporate social token leaks in recent years. If authorization cookie data falls into the hands of attackers, influence attacks, political manipulation, and financial blackmail could become a reality for hundreds of global brands.
