Estee Lauder divulges sensitive information of 440 million users, including email addresses and network data

The rapid development of big data, Internet and 5G not only brings unlimited development opportunities to mankind, but also gives birth to a large number of data leakage events. According to security researchers, Estee Lauder’s official server was recently hacked, resulting in data leakage from its unencrypted cloud database, which contains hundreds of millions of customer records and internal logs.

According to the researchers, Estee Lauder’s cloud server middleware was compromised and did not provide a secondary path for attackers and malware to infiltrate Estee Lauder’s applications and user data.

According to security researchers, a total of 440336852 sensitive data of users were leaked in the data disclosure incident, many of which belong to important privacy information containing users’ plaintext email addresses. More importantly, Estee Lauder’s domain name @ Estee Lauder There is also an internal email address under com. Furthermore, the leaked data includes log entries from Estee Lauder’s content management system (CMS) and server middleware activities. Fortunately, no user payment data or employee sensitive information was exposed in the data disclosure event, according to current forensic data from security researchers.

In their safety report, the safety researchers wrote: “Estee Lauder has been a household name for over 70 years, and its revenue in 2019 is estimated to be around $14.763 billion. As a result, it is natural for the company to have a large data set or database associated with its operations. This data breach incident involves a large number of consumer e-mail addresses, and we are only now learning about it. Following that, she immediately informed Estee Lauder of the incident. According to statistics, 440336852 sensitive user data were leaked in this data leakage incident.”

According to security researchers, the majority of the leaked data can prepare attackers for large-scale network attacks in the future because it has completed the work of the early network reconnaissance stage. The leaked log records, for example, contain the IP address, port, path, and storage information of Estee Lauder’s network server, and the attacker can use this information to draw Estee Lauder’s internal local area network (LAN) or external network (WAN) structure, as well as the middleware details used by the company to connect various data generation devices.

Middleware is typically responsible for tasks such as providing consistency front-end structure, and these data management front-ends must realize their functions across multiple internal systems, application services, messages, identity authentication, and API management.

Exposed or unprotected middleware can provide an additional intrusion path for malware, allowing the attacker to invade the target application or steal the target data. In this case, any networked user can view the system or software version currently being used by the target system, as well as the path address and other data that can be used as a network back door.

Database leakage due to incorrect configuration is a very common occurrence in today’s Internet, and many large companies that store a large amount of data cannot be “avoided and difficult.” For example, in January of this year, it was reported that 250 million data records were leaked for up to 25 days due to a misconfiguration in Microsoft’s cloud database. Some of the leaked data and user accounts date back to 2005, while the most recent user data is from December 2019. There is no doubt that users will be vulnerable to phishing attacks and online fraud as a result of the leaked data.

Most businesses believe that data backup is merely insurance in case of a problem. Today, we must always consider it to be a strategic asset. A growing number of ransomware attacks target enterprise backup data. Vinchin’s information backup and recovery service is the final line of defense to assist businesses build data protection.

Vinchin Backup and Recovery protects your entire VMware vSphere environment in standalone ESXi or vCenter-managed hosts, and provides VMware backup and restore as well as virtual machine backup.

The product arrangement helps with making an inside and out assurance plan to completely guarantee the security of your strategic business information by utilizing various implicit simple to use reinforcement and reestablish functionalities. Vinchin can assist you with your VMware insurance with a 60-day trial (unlimited Enterprise Edition) and no Visa required.

Interesting Related Article: “3 tips to secure your business against data breaches