Corin Imai, senior security advisor at DomainTools:
“Cybercriminal operations thrive off the kind of data that this database left exposed: sensitive personal identifiable information can be sold online and exploited in all sorts of subsequent campaigns. Fortunately, security researchers promptly brought the misconfiguration to the attention of Estee Lauder, who quickly secured the database.
Although there is no evidence that data was stolen, people potentially affected should be weary of any email they receive that requests them to reset their credentials or to provide any kind of authentication. Unfortunately, in the wake of a data breach, criminals often exploit the circumstances to plan campaigns aimed at capitalising on the victims of such a breach. They will be expecting a warning email from the organisation that was compromised and thus more likely to believe a well-designed malicious message.”
Oliver Pinson-Roxburgh, cofounder of Bulletproof:
“Unfortunately, it’s common for companies to still be struggling with very basic issues. Throughout 2019 our penetration testing team conducted hundreds of tests, including application, infrastructure, API, mobile and even hardware tests.
