Censornet has released a statement criticising the cosmetic firm Estée Lauder after a data leak saw 440,000,000 records posted online.
Cybersecurity firm Security Discovery first reported the data leak after finding the records posted online. They found:
- 440,336,852 logs and records that should not have been publicly exposed online.
- ‘User’ emails in plain text (including internal email addresses from the @estee.com domain)
- Production, Audit, Error, CMS, and Middleware logs were exposed.
- References to reports and other internal documents.
- IP addresses, Ports, Pathways, and storage info that cybercriminals could exploit to access deeper into the network.
There were millions of records pertaining to middleware that is used by the Estée Lauder company. Middleware is software that provides common services and capabilities to applications outside of what’s offered by the operating system.
CEO of Censornet Ed Macnair said: “This is another example of a big name failing to take responsibility for the way that they handle their data and suffering a large and embarrassing leak as a result. Although the details that were exposed have been described as ‘non-consumer’, it is unacceptable that a database of this size was left unsecured.”
“The leaked information may not prompt a direct attack on customers but the exposure of the company’s middleware could offer a backdoor into their network. Cyber criminals only need to be given an inch and they will take a mile, and the company has certainly left itself in an uncertain position despite responding to the situation quickly.”
“As these breaches continue to take place, the onus is on businesses of all sizes to ensure that they have visibility and control over their internal data as well as that of their customers. It’s crucial that organisations adopt a multi-layered approach to security and implement the appropriate technologies to keep these databases secure.”
It’s reported the database did not contain payment data or sensitive employee information. It is unclear exactly how many ‘user’ email addresses were exposed or how long the Estée Lauder database was exposed or who else may have accessed the records.
If you would like to join our community and read more articles like this then please click here.
Business company cyber attack cyber security Data hack Information
Post written by: Vicky Maggiani
Vicky has worked in media for over 20 years and has a wealth of experience in editing and creating copy for a variety of sectors.
RELATED ARTICLES
January 7, 2025
Domain knowledge meets in-demand skills
The modern armed forces are undergoing a significant transformation. No longer is warfare confined to traditional battlefields; it has evolved
November 19, 2024
OSINT Technology advances are just what the UKs hard-pressed defence sector needs
Open-source intelligence (OSINT) is now critical to defence and national security, but the sheer volume of available online multi-media data
