Security News > 2020 > February > Beauty and the Breach: Estée Lauder Exposes 440 Million Records in Unprotected Database
Cosmetic company Estée Lauder exposed 440 million records to the Internet in a database that was left accessible without proper protection, a security researcher says.
The exposed database was discovered on January 30 by Security Discovery security researcher Jeremiah Fowler, who attempted to contact Estée Lauder immediately after identifying user email addresses in the database.
The security researcher notes that the database contained "Millions of records pertaining to middleware" that Estée Lauder is using.
Fowler, who says that the database was secured before he could investigate further, believes that no payment data or sensitive employee information was stored in the database.
"On 30 January, 2020, we were made aware that a limited number of non-consumer email addresses from an education platform were temporarily accessible via the internet. This education platform was not consumer facing, nor did it contain consumer data. We have found no evidence of unauthorized use of the temporarily accessible data. The Estee Lauder Companies takes data privacy and security very seriously. As soon as we became aware, we took immediate action to secure the data and notify appropriate parties," Estee Lauder Companies said, responding to a SecurityWeek inquiry.