The massive security failure by The Natura & Co Group exposed 2 misconfigured AWS databases for weeks to the public.
A multi-billion dollar company based in Sao Paulo, Brazil has been found exposing highly sensitive, personal, and financial data of its customers. What’s worse is that the data was hosted on two misconfigured databases publicly available for anyone to access without any security authentication.
Known as Natura around the world; the company in the discussion is owned by The Natura & Co Group, a global personal care cosmetics group with representation in 73 countries across the globe. The same group owns beauty giants like Aesop, The Body Shop, and Avon.
See: Personal & banking data of 120 million Brazilians leaked online
According to researchers at Safety Detectives who identified the exposed data, both databases contained more than 192 million records. One database hosted records worth 1.3TB while the second database had 272GB of data.
In a report shared with Hackread.com, the researchers revealed the victims of the breach are more than 250,000 Natura customers who shopped using the company’s website. Moreover, 40,000 customers’ Moip (mobile communications over internet protocol) account details belonging to Wirecard with access tokens were also left exposed without any security protocol.
An in-depth analysis from researchers shows that both databases exposed the following information:
Gender
Full name
Nationality
Date of Birth
Telephone number
Previous purchases
MOIP account details
Mother’s maiden name
Welcome e ..
Support the originator by clicking the read the rest link below.
