Censornet has released a statement criticising the cosmetic firm Estée Lauder after a data leak saw 440,000,000 records posted online.
Cybersecurity firm Security Discovery first reported the data leak after finding the records posted online. They found:
- 440,336,852 logs and records that should not have been publicly exposed online.
- ‘User’ emails in plain text (including internal email addresses from the @estee.com domain)
- Production, Audit, Error, CMS, and Middleware logs were exposed.
- References to reports and other internal documents.
- IP addresses, Ports, Pathways, and storage info that cybercriminals could exploit to access deeper into the network.
There were millions of records pertaining to middleware that is used by the Estée Lauder company. Middleware is software that provides common services and capabilities to applications outside of what’s offered by the operating system.
CEO of Censornet Ed Macnair said: “This is another example of a big name failing to take responsibility for the way that they handle their data and suffering a large and embarrassing leak as a result. Although the details that were exposed have been described as ‘non-consumer’, it is unacceptable that a database of this size was left unsecured.”
“The leaked information may not prompt a direct attack on customers but the exposure of the company’s middleware could offer a backdoor into their network. Cyber criminals only need to be given an inch and they will take a mile, and the company has certainly left itself in an uncertain position despite responding to the situation quickly.”
“As these breaches continue to take place, the onus is on businesses of all sizes to ensure that they have visibility and control over their internal data as well as that of their customers. It’s crucial that organisations adopt a multi-layered approach to security and implement the appropriate technologies to keep these databases secure.”
It’s reported the database did not contain payment data or sensitive employee information. It is unclear exactly how many ‘user’ email addresses were exposed or how long the Estée Lauder database was exposed or who else may have accessed the records.
If you would like to join our community and read more articles like this then please click here.
Business company cyber attack cyber security Data hack Information
Post written by: Ciara Houghton
.
RELATED ARTICLES
March 22, 2024
Homeland - DISA outlines blueprint for new data strategy
By Kassie Garrett / DISA Enterprise Integration and Innovation The “2023 Data, Analytics and Artificial Intelligence Adoption Strategy,” developed by the
September 20, 2023
Land - Babcock and Palantir strengthen defence data capabilities
An announcement at DSEI confirmed a new partnership between Babcock International Group (Babcock) and Palantir Technologies UK, which will see
