Estée Lauder exposed 440 million internal records
Topics: ESTéE LAUDER
The discovery of the database was made on January 30, 2019, and the evidence of the owner being Estée Lauder was all over the place.
The records contained highly sensitive corporate information, network data, user details, etc., all in plaintext form and without any password set up to protect them.
Here is what the exposed records contained according to Fowler:
440,336,852 logs and records that should not have been publicly exposed online.
“User” emails in plain text (including internal email addresses from the @estee.com domain)
Production, Audit, Error, CMS, and Middleware logs were exposed.
References to reports and other internal documents.
IP addresses, Ports, Pathways, and storage info that cybercriminals could exploit to access deeper into the network. ■