
Estée Lauder suffers massive breach, 400m records exposed


An unprotected database containing 440 million records owned by US cosmetics giant Estée Lauder has been exposed online. 

The company has now blocked access to the database, which contained plain text email addresses belonging to users of a company-owned education platform.

The discovery was made by researchers at Security Discovery, who say the database was likely part of a CMS or middleware used by the company that somehow ended up exposed to the internet.

Middleware

Estée Lauder’s privacy protection team is investigating the breach, which saw an entire unencrypted database exposed online without any form of protection.

Researchers say the exposed information included email addresses, references, internal documents, IP addresses, ports, pathways, and storage info, which could easily be used by hackers to create a backdoor into the system.

In a statement, Estée Lauder said: "On 30 January 2020, we were made aware that a limited number of non-consumer email addresses from an education platform were temporarily accessible via the internet."

"This education platform was not consumer facing, nor did it contain consumer data. We have found no evidence of unauthorised use of the temporarily accessible data," it added.

Once the issue was reported, Estée Lauder acted swiftly and closed off the database within 24 hours. 

Via Forbes