Estee Lauder Exposed 440 Million Records Online – Researchers

Jeremiah Fowler reports (typos are in the original):

On January 30th I discovered a non-password protected database that contained a massive amount of records totaling 440,336,852. Upon further review I was able to see connections to New York based cosmetic company Estée Lauder. I could see audit logs that contained a large number of email addresses in each doccument. I immediately sent a responsible disclosure notice Estée Lauder alerting them to the exposure.

As in most large companies when reporting a data exposure it is usually extremely difficult to get through the firewall of gate-keepes, but several hours later and multiple emails the data was still exposed. After calling every phone number I could find I was able to reach someone by phone who then promised to pass on the information. The company acted fast and professionally and restricted public access to the database on the same day as my notification.

Read more on Security Discovery.

About the author: Dissent
