Security News > 2020 > February > Estée Lauder Exposes 440M Records, with Email Addresses, Network Info

A non-password protected cloud database containing hundreds of millions of customer records and internal logs for cosmetic giant Estée Lauder has been found exposed online, according to researchers.

Many of the records importantly contained plaintext email addresses.

It's unclear how long the Estée Lauder database was exposed or who else may have accessed the records during that time, he noted, so customers should be on the alert for phishing emails.

He praised the company for its quick action: "This is also a lesson in how large organizations can improve on the process of reporting potential data exposure quickly in order to rapidly resolve the issue, especially in the modern electronic age where millions of records can be stored in a single place and be accessed from nearly anywhere in the world. I give Estée Lauder credit for quickly resolving the issue once they were informed about it, as many organizations move far too slowly in this respect."

In January for instance, it was revealed that misconfigured Microsoft cloud databases containing 14 years of customer support logs had exposed 250 million records to the open internet for 25 days.

News URL

https://threatpost.com/estee-lauder-440m-records-email-network-info/152789/