Reputation.com Data Leak Exposes 120 Million Internal Logs Containing Customer Session Data

A misconfigured server at Reputation.com exposed 120 million internal logs containing session cookies and backend data, potentially allowing attackers to hijack customer social media accounts.

    A misconfigured server belonging to Reputation.com, a major online reputation management and customer experience platform, has exposed over 120 million records containing sensitive backend data, including session cookies that could enable attackers to hijack customer social media accounts.

    Discovered by researchers from Cybernews on August 18, 2025, the exposed server contained 320GB of internal logs accessible without authentication. The unsecured database revealed extensive data from multiple Reputation.com applications, potentially impacting hundreds of major brands, including Ford, General Motors, US Bank, and several BMW dealerships.

    Large-Scale Data Exposure and Potential Impact

    According to Cybernews, the exposed logs contained detailed system data such as timestamps, unique company identifiers, session IDs, and cookie strings associated with user activity. These cookies could grant unauthorized access to customer accounts and social media management dashboards, allowing attackers to manipulate brand presence, post unauthorized content, or harvest sensitive marketing data.

    “This incident might severely impact many known brands using the platform,” Cybernews researchers warned. “The logs contained cookies, which could be used for customer account takeovers, and other data from backend systems used by customers.”

    The logs were organized into monthly indices referencing common database events such as “create,” “read,” “update,” and “delete.” Some indices contained millions of entries, indicating a highly active data processing environment.

    Exposed Data Categories and Security Risks

    The leaked dataset included several critical information fields:

    • Timestamps documenting precise event times.
    • Unique identifiers such as company_uid, id, and session_id, revealing internal mappings of clients and user sessions.
    • Cookie strings containing product version details, user permissions, and analytic information.
    • General application data related to events, content types, and backend versions.

    Researchers believe the exposed server functioned as part of a logging and monitoring infrastructure, designed to capture every user and application interaction for analytics and debugging purposes. Without proper access controls, this data could be harvested by threat actors to pivot into customer systems or conduct large-scale credential abuse campaigns.
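The fields listed above are the kind a log pipeline can neutralize before anything reaches an index. The sketch below is an added example, not code from Reputation.com or Cybernews: it replaces `session_id` with a keyed hash and strips cookie values. The record layout, the `cookie` and `authorization` header names, and the key are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# session_id and company_uid are field names from the article; the header
# names, record layout and key below are constructed for this example.
PSEUDONYMIZE = {"session_id"}   # keep correlatable, but not replayable
REDACT = {"authorization"}      # value dropped entirely
KEY = b"example-only-key"       # placeholder; load from a secret store in practice

def pseudonym(value: str, key: bytes) -> str:
    """Keyed hash: one session maps to one token, useless as a credential."""
    digest = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return "hmac:" + digest[:16]

def scrub_cookie(cookie: str) -> str:
    """Keep cookie names for debugging, discard every value."""
    names = [p.split("=", 1)[0].strip() for p in cookie.split(";") if p.strip()]
    return "; ".join(f"{name}=[REDACTED]" for name in names)

def scrub(record, key: bytes):
    """Recursively sanitize a parsed log record before it is shipped."""
    if isinstance(record, list):
        return [scrub(item, key) for item in record]
    if not isinstance(record, dict):
        return record
    out = {}
    for field, value in record.items():
        name = field.lower()
        if name in PSEUDONYMIZE and isinstance(value, str):
            out[field] = pseudonym(value, key)
        elif name == "cookie" and isinstance(value, str):
            out[field] = scrub_cookie(value)
        elif name in REDACT:
            out[field] = "[REDACTED]"
        else:
            out[field] = scrub(value, key)
    return out

# Constructed sample record, not taken from the exposed dataset.
SAMPLE = {
    "timestamp": "2025-08-18T10:15:00Z",
    "company_uid": "c-1001",
    "session_id": "s-7f3a9c",
    "event": "update",
    "request": {"headers": {"cookie": "sid=s-7f3a9c; perms=admin; v=4.2",
                            "authorization": "Bearer example-token"}},
}

if __name__ == "__main__":
    print(json.dumps(scrub(SAMPLE, KEY), indent=2))
```

Because the hash is keyed, analysts can still group events by session, while a copy of the index alone yields nothing that can be replayed against the application.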

    Disclosure Attempts and Ongoing Exposure

    Cybernews stated that multiple responsible disclosure attempts were made to Reputation.com, but the exposed instance remained publicly accessible at the time of publication. It remains unclear whether any third party accessed or downloaded the dataset.

    Reputation.com, which provides brand management solutions for Fortune 500 companies, has not yet responded to requests for comment. The lack of timely mitigation raises concerns about data misuse and the potential exposure of connected enterprise environments.

    This breach underscores the growing risks associated with cloud misconfigurations and unsecured analytics systems, which continue to serve as entry points for attackers seeking access to high-value corporate data.
