An unprotected database containing 440 million records owned by US cosmetics giant Estée Lauder has been exposed online.
The company has now blocked access to the database, which contained plain text email addresses belonging to users of a company-owned education platform.
The discovery was made by researchers at Security Discovery, who say the database was likely part of a CMS or middleware used by the company and somehow made its way onto the internet.
Estée Lauder’s privacy protection team is investigating the breach, which saw an entire unencrypted database exposed online without any form of protection.
Researchers say the exposed information included email addresses, references, internal documents, IP addresses, ports, pathways, and storage info, which hackers could easily use to create a backdoor into the system.
In a statement, Estée Lauder said: "On 30 January 2020, we were made aware that a limited number of non-consumer email addresses from an education platform were temporarily accessible via the internet."
"This education platform was not consumer facing, nor did it contain consumer data. We have found no evidence of unauthorised use of the temporarily accessible data," it added.
Once the issue was reported, Estée Lauder acted swiftly and closed off the database within 24 hours.
Via Forbes