#cybersecurity | hacker | Estee Lauder database exposes 440M records


The Estée Lauder Companies Inc. accidentally left over 440 million records publicly exposed after failing to password-protect a corporate database, according to a researcher who spotted the oversight.

The misconfigured database was found to contain user emails in plain text, including those sent from internal email addresses; references to reports and internal documents; and IP addresses, ports, pathways and storage information. Additionally, it stored Production, Audit, Error, CMS and Middleware logs. All in all, a grand total of 440,336,852 records was left open for public discovery.

Security Discovery researcher Jeremiah Fowler, who authored the blog post, said he discovered the exposed database on Jan. 30 and immediately disclosed the error to Estée Lauder. Reportedly, the New York-based personal care and make-up manufacturer fixed the problem that same day.

In the blog post, Fowler explained the significance of finding middleware in the database: “Data management, application services, messaging, authentication, and API management are all commonly handled by middleware,” wrote Fowler. “Another danger of this exposure is the fact that middleware can create a secondary path for malware, through which applications and data can be compromised. In this instance anyone with an internet connection could see what versions or builds are being used, the paths, and other information that could serve as a backdoor into the network.”

It is unknown how long the data leak existed, how many user email addresses were affected and if any additional unauthorized parties were able to access the data.

Fowler told Forbes that the database “appeared to be a content management system that contained everything from how the network is working to references to internal documents, sales matrix data, and more.”

SC Media reached out to Estée Lauder for comment.


