High-Profile Business Leaders' Personal Info Leaked in Clarity.fm Data Breach

Penka Hristovska, Senior Editor

Clarity.fm, an online platform that connects entrepreneurs and professionals with on-demand expert advice from industry leaders and specialists, has experienced a data breach that leaked the personal information of more than 121,000 business leaders.

Among those affected are notable figures such as Mark Cuban, Eric Ries, and Brad Feld. The unsecured database in question, which wasn’t protected by a password, included 121,000 member profiles and a total of 155,513 records.

The misconfigured database exposed individuals’ full names, phone numbers, and personal and professional email addresses. Additionally, it leaked sensitive information such as consultation content, payment records, hourly consultation rates, and internal scores.

“The records were marked as production data, indicating whether the individual was a member, leader, or mentor,” said cybersecurity researcher Jeremiah Fowler, who first reported on the leak.

He added that further investigation is required to determine if the compromised database originated from Clarity.fm or a third-party provider. He wrote that he immediately notified the company about the breach, and that they secured the database within a couple of days following his disclosure notice.

“Upon my discovery, I immediately sent a responsible disclosure notice, and the database was secured a few days later,” he explained. “I received several automated replies, but no official response. It remains unclear how long the database was exposed for, or if anyone else gained access, as only an internal forensic audit could identify this information.”

Although there’s currently no evidence that any threat actors accessed the unsecured data, the breach is pretty serious considering it involves high-profile individuals who are attractive targets for cybercriminals.

In addition to targeted phishing campaigns, a “potential risk is the growing trend of CEO fraud, also known as Business Email Compromise (BEC),” Fowler noted. “This is a type of spear phishing email attack where the perpetrator impersonates the CEO in an attempt to deceive recipients into disclosing sensitive information or performing financial transactions.”

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.
