Reputation.com, a US-based provider of online reputation management (ORM) and customer experience (CX) tools, exposed a massive unsecured database containing 320GB of logs with nearly 120 million records on the public internet. The logs included cookies, timestamps, unique identifiers, and backend system data, posing a severe risk of account takeovers for major brands (including Fortune 500 companies like US Bank, Ford, GM, and BMW dealerships). The exposed data organized in monthly indices revealed user and application interactions, tracking information, and analytics, enabling potential attackers to exploit vulnerabilities in customer accounts. Despite multiple alerts from Cybernews researchers, the database remained publicly accessible, amplifying threats of fraud, unauthorized access, and reputational damage for hundreds of prominent brands relying on Reputation.com’s platform. The incident highlights critical lapses in data security, with sensitive log data left unprotected for an extended period.
TPRM report: https://www.rankiteo.com/company/reputation-com
"id": "rep5993459103025",
"linkid": "reputation-com",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '120 million records (indirect '
'impact on hundreds of brands)',
'industry': ['online reputation management (ORM)',
'customer experience (CX) tools'],
'location': 'United States',
'name': 'Reputation.com',
'type': 'software company'},
{'industry': 'banking',
'location': 'United States',
'name': 'US Bank',
'size': 'Fortune 500',
'type': 'financial institution'},
{'industry': 'automotive',
'location': 'United States',
'name': 'Ford Motor Company',
'size': 'Fortune 500',
'type': 'automotive manufacturer'},
{'industry': 'automotive',
'location': 'United States',
'name': 'General Motors (GM)',
'size': 'Fortune 500',
'type': 'automotive manufacturer'},
{'industry': 'automotive',
'location': ['United States', 'global (dealerships)'],
'name': 'BMW (select dealerships)',
'type': 'automotive manufacturer/dealerships'}],
'attack_vector': 'unsecured public-facing database/server',
'data_breach': {'data_encryption': 'none (data was unsecured)',
'data_exfiltration': 'unconfirmed (data exposed but no '
'evidence of exfiltration)',
'file_types_exposed': ['log files',
'JSON/structured data (likely)'],
'number_of_records_exposed': '120 million',
'personally_identifiable_information': ['indirect (via '
'cookies/identifiers)',
'potential PII in '
'analytics data'],
'sensitivity_of_data': ['moderate to high (account takeover '
'risk via cookies)',
'tracking/analytics data',
'backend system interactions'],
'type_of_data_compromised': ['logs',
'cookies',
'timestamps',
'unique identifiers',
'cookie strings',
'event data',
'application interaction logs']},
'date_detected': 'mid-August 2025',
'date_publicly_disclosed': '2025-08-20T00:00:00Z',
'description': 'Reputation.com, a US-based software company providing online '
'reputation management (ORM) and customer experience (CX) '
'tools, left a large database unlocked on the public internet. '
'The exposed data included 320GB of logs with nearly 120 '
'million records, containing cookies, timestamps, and '
'identifiers that risk account takeovers for major brands. The '
'database reportedly remains publicly accessible despite '
'Cybernews alerting the company in mid-August 2025. The logs '
'were generated by multiple Reputation.com applications and '
'stored on a server running a data visualization tool. The '
'exposed data includes cookies (usable for account takeovers), '
'timestamps, unique identifiers (linking to hundreds of major '
'companies), cookie strings (with user, product, and tracking '
'info), and general event/log data. The server likely served '
'as a comprehensive logging and monitoring system, capturing '
'all user and application interactions. Affected entities '
'include Fortune 500 brands like US Bank, Ford, GM, and BMW '
'dealerships.',
'impact': {'brand_reputation_impact': ['high (due to exposure of Fortune 500 '
'brands)',
'potential loss of trust in '
"Reputation.com's security practices"],
'data_compromised': ['cookies',
'timestamps',
'unique identifiers',
'cookie strings (user/product/analytics data)',
'event logs',
'application interaction logs'],
'identity_theft_risk': ['high (via cookie-based account '
'takeovers)'],
'operational_impact': ['risk of account takeovers for customer '
'brands',
'potential misuse of tracking/analytics '
'data'],
'systems_affected': ['Reputation.com applications',
'data visualization/exploration server',
'backend systems of customer brands']},
'investigation_status': 'ongoing (database reportedly still accessible as of '
'last report)',
'lessons_learned': ['Critical importance of securing public-facing databases',
'Need for access controls on data visualization tools',
'Proactive monitoring for exposed assets',
'Timely response to third-party vulnerability '
'disclosures'],
'post_incident_analysis': {'root_causes': ['misconfigured data visualization '
'server',
'lack of access controls',
'inadequate monitoring of '
'public-facing assets']},
'recommendations': ['Immediate securing of the exposed database/server',
'Audit of all public-facing systems for misconfigurations',
'Implementation of access controls and encryption for '
'sensitive logs',
'Notification to affected customer brands (e.g., US Bank, '
'Ford, GM, BMW)',
'Transparency in public disclosure and remediation steps',
'Review of incident response procedures for third-party '
'communications'],
'references': [{'date_accessed': '2025-08-20T00:00:00Z',
'source': 'Cybernews research report'},
{'date_accessed': '2025-08-20T00:00:00Z',
'source': 'TechRadar Pro article'}],
'response': {'communication_strategy': ['no public statement confirmed',
'limited response to Cybernews '
'outreach'],
'incident_response_plan_activated': 'unclear (Cybernews '
'attempted contact with '
'limited success)',
'third_party_assistance': ['Cybernews (research/reporting)']},
'title': 'Reputation.com left 320GB of logs exposed online, containing nearly '
'120 million records',
'type': ['data exposure', 'unsecured database', 'log leakage'],
'vulnerability_exploited': ['misconfigured data visualization tool',
'lack of access controls',
'publicly accessible server']}