Estée Lauder Exposes 440M Records, with Email Addresses, Network Info

From threatpost.com

estee lauder data exposure

Middleware data was exposed, which can create a secondary path for malware through which applications and data can be compromised.

A non-password protected cloud database containing hundreds of millions of customer records and internal logs for cosmetic giant Estée Lauder has been found exposed online, according to researchers.

In all, 440,336,852 individual data pieces were exposed, according to researcher Jeremiah Fowler at Security Discovery. Many of the records importantly contained plaintext email addresses (including internal email addresses from the @estee.com domain). There were also reams of logs for content management systems (CMS) and middleware activity. Fortunately, there was no payment data or sensitive employee information included in the records that Fowler saw.

Read more…