CyberNews Briefs

Cosmetics Giant Avon Leaks 19 Million Records

Researchers have uncovered a misconfigured cloud server operated by cosmetics brand Avon, allowing the public to access more than 19 million records. SafetyDetectives researchers found the Elasticsearch database on an Azure server that contained no password protection or encryption, meaning that anyone who has the server’s IP address could access Avon’s database.

The database contains 7GB of data and was left open for nine days before discovery on June 12. Avon is a global cosmetics company that currently boasts over $5 billion in annual worldwide sales. The information exposed in the breach includes personally identifiable information on customers and employees, including phone numbers, full names, GPS coordinates, home, and email addresses, date of birth, and more. In some cases, technical server information such as internal logs, account settings, and security tokens was exposed.

Read More: Cosmetics Giant Avon Leaks 19 Million Records

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.