Cosmetic giant Natura leaks data again; this time 19 million Avon records

Avon Products, Inc. is owned by Brazil’s Natura & Co., which itself leaked over 192 million records in May 2020.


Cyber security researchers at SafetyDetectives, led by Anurag Sen, have discovered a misconfigured cloud database containing data from the popular cosmetics brand Avon. The unprotected server has leaked 19 million records so far, including personal data and technical logs.


Avon is owned by the Brazil-based Natura & Co., which acquired its 78% stake in January 2020. Interestingly, as previously reported by Hackread.com, Natura itself became embroiled in a data leak controversy in May 2020 after an unprotected ElasticSearch database was discovered on an Azure server, leading to the exposure of over 192 million records.


One of the databases at that time contained 1.3TB worth of data, while the other had about 27GB of exclusive data.




It was SafetyDetectives that discovered the ElasticSearch database in May 2020, and this time as well, the same team is reporting the Avon data leak.

In their blog post, the researchers mentioned that Avon’s US website server was not protected by any security measures, which is why they were able to access it easily. This means that anyone with the IP address of the server could access Avon.com’s open database.


The server stored the API logs of the company’s web and mobile sites; therefore, all production-related data, including over 40,000 internal OAuth tokens, was exposed in the breach.


OAuth toke ..
