
The personal data of 250 thousand customers of a cosmetics company, found on an unprotected server

Natura, a personal care and beauty products company, suffered a data breach that compromised the personal information of more than 250 thousand customers who had ordered products from its official website. SafetyDetectives' security experts discovered two unprotected servers hosted on Amazon, holding databases of 272 gigabytes and 1.3 terabytes with over 192 million Natura records.

In addition, the unprotected server also had a secret PEM (Privacy Enhanced Mail) file which in turn contained the password for another cloud-based Amazon server in which the Natura website is hosted. Such a password could have allowed malicious attackers to install a skimmer on the company’s website to steal users’ payment card details in real time.

It was found that the payment information of 40,000 customers from a third-party company was also affected by the data breach.

Although the data breach was first discovered on April 12, 2020, researchers at SafetyDetectives have stated that they are able to confirm that hundreds of gigabytes of information have been exposed since March 26, 2020.

According to the experts, the exposed data includes customers' personally identifiable information (PII) such as first name, mother's maiden name, nationality, gender, hashed login password, username and nickname. Other important data exposed in the incident includes account details, API credentials with unencrypted passwords, recent purchases, phone numbers, email and physical addresses, an access token for electronic payment systems, and account access cookies, along with archives containing server logs.

SOURCE: FEDERPRIVACY
