A cache labeled as Reputation.com with more than 120 million records has reportedly appeared on dark web forums. Security teams say the trove includes session cookies and internal logs, which raises the risk of account hijacking for consumers and enterprise brands. If your company uses Reputation.com, change passwords, enable two factor authentication, revoke active sessions, and review integrations right away.
- Scale and scope More than 120 million records allegedly tied to Reputation.com surfaced on dark web forums.
- High risk data Exposed session cookies and internal logs could let attackers take over live accounts.
- UK exposure Financial services and large consumer brands in the UK face elevated targeting.
- Immediate steps Reset passwords, turn on two factor, revoke tokens, and watch for unusual logins.
What happened and who flagged it
Proton’s Data Breach Observatory first flagged the dataset’s appearance. Proton CEO Andy Yen said the team “uncovered the appearance of over 120 million records marked as Reputation.com on prominent dark web forums.” While details are still emerging, the dataset is not a routine email dump. It reportedly includes artifacts that could enable live session takeovers across connected platforms used by both individuals and Fortune 500 teams.
What was exposed and why it matters
Security researcher Maksym Ivanov reviewed samples and described a more serious risk profile than typical breaches. The dataset reportedly contains session cookies and internal logs rather than only names and emails. In practice, that could let criminals piggyback on authenticated sessions, especially for social media and review management tools, and then change passwords, add MFA methods, or post on behalf of a brand.
This risk is amplified for corporate users who manage multiple brand pages and locations. Attackers aim for access that scales. The pattern echoes lessons from other SaaS incidents that showed how third party integrations can widen blast radius, as seen in the recent Salesloft and Drift wake up call.
How UK businesses could be hit
The UK’s finance heavy economy keeps it high on attacker lists. The IBM Cost of a Data Breach Report has repeatedly noted remote access abuse in follow on attacks. Tom Kelly, CEO of Bright Defense, said the “UK remains highly targeted due to its financial sector presence.” See the latest data breach statistics for context.
UK firms that rely on Reputation.com to manage reviews and social responses face a tricky window. Public disclosures can lag while investigations get underway, which gives threat actors time to weaponize fresh data. That is why preemptive hardening is worth doing even if your company has not received a notice yet.
Recommended Tech
If your support team is fielding more questions right now, you might want a triage assist. An AI powered customer service platform like Tidio can help route and resolve common queries fast while your security team works the incident.
What should you do now
If you use Reputation.com, treat this as a live fire drill. Move quickly and verify later.
- Reset passwords for Reputation.com and connected social or review accounts. Use unique passphrases.
- Turn on two factor authentication everywhere. Prefer an authenticator app or hardware key.
- Log out of all sessions, revoke OAuth tokens, and rotate API keys where possible.
- Watch login alerts for new devices, unusual locations, or admin changes.
- Limit or pause high privilege integrations with Reputation.com until you see an all clear.
- Back up social account ownership details and recovery contacts to prevent lockout.
Proton’s Andy Yen urged users to change passwords and enable two factor, especially for corporate profiles. Ivanov advised businesses to monitor session activity closely and review integrations with Reputation.com while the situation is assessed. Speed matters as AI driven attacks continue to shorten the time from data exposure to fraud.
Recommended Tech
Worried your info is circulating on the dark web? An all in one identity protection service like Aura can monitor for exposed credentials and help you lock down accounts before criminals try them.
Get the latest tech updates and insights directly in your inbox.
What comes next
Regulators have taken note. In the UK, the Information Commissioner’s Office said it is assessing details of the reported breach and will act where the data rights of UK residents may have been violated, according to a statement shared with TechRadar.
Proton’s Data Breach Observatory and other investigators are tracking how and where the data is spreading. Expect more clarity as validation work continues. You can follow additional coverage on sites like HackYourMom.
Why breach reporting still lags
This incident highlights a persistent industry problem. Many organizations take time to validate and disclose, which leaves people in the dark when speed matters most. Andy Yen has called for a more transparent reporting approach in Europe. GDPR sets notification timelines, but practice often trails policy, and that gap keeps risk elevated longer than it should.
FAQs
Has Reputation.com confirmed the breach?
Public reporting so far centers on findings from Proton’s Data Breach Observatory and independent researchers. Watch for statements on Reputation.com’s official channels and status pages for definitive scope and guidance.
What makes session cookies so dangerous?
Session cookies can act like a backstage pass. If an attacker gets a valid cookie, they might access an account without a password and then add their own two factor method, change settings, or post as you.
Were passwords or payment details included?
Samples reportedly include session cookies and internal logs. A full field list has not been confirmed publicly. Assume credentials, tokens, and any linked access could be at risk and rotate them.
How can I check if I am affected?
Look for unusual login alerts, new devices, or settings changes across your Reputation.com workspace and connected social accounts. Consider a breach monitoring service and search for your domains or brand handles in credential monitoring tools.
What should social media managers do today?
Lock down admin accounts first, review page roles, prune unused integrations, set alerting on critical actions, and keep a playbook ready to regain control if an account is hijacked.
