Security News > 2020 > May > Brazil's Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users

Brazil's biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers' personal and payment-related information publicly accessible online that could have been accessed by anyone without authentication.

According to the report Anurag shared with The Hacker News, the exposed data includes personally identifiable information on 250,000 Natura customers, their account login cookies, along with the archives containing logs from the servers and users.

Br users who integrated it with their Natura accounts.

Pem certificate file that contains the key/password to the EC2 Amazon server where Natura website is hosted.

If exploited, the key to the server potentially could have allowed attackers to directly inject a digital skimmer directly into the company's official website to steal users' payment card details in real-time.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/nXmT7BETy1Y/natura-data-breach.html