The latest large-scale data leak involves 192 million records containing the personally identifiable information of customers in Brazil. Natura, one of the country’s largest cosmetics companies, had a leaky database hosted on two unprotected US-based Amazon servers.
Natura Cosmetics Data Breach: What Happened?
The leaky database was discovered by Safety Detectives. According to the report, 250,000 customers who had previously ordered beauty products from Natura’s website had their personal information made available to the public without the company’s knowledge. That’s not all, however: payment information of 40,000 customers related to a third-party company known as Wirecard was also exposed for more than 2 weeks.
What is strange about the data leak is that, since it was discovered and Natura was informed, its size has been reduced from 272GB to 27.2GB, according to server logs, the researchers said. “This is a strong indication of purposeful impropriety aimed at concealing the severity of the leak. For example, an ill-intentioned hacker removing a precise number of records to conceal their actions.”
The compromised server contained website and mobile site API logs, which exposed all production server information. A number of “Amazon bucket names” were also mentioned in the leak, including PDF documents referring to formal agreements between various parties, the researchers added.
In short, the leaky database contained over 270GB of data with more than 192 million records, with the following personal details:
Mother’s maiden name
Date of Birth
Natura.com.br login credentials including hashed passwords
Welcome email template
Username and nickname
MOIP account details
API credentials including unencrypted passwords
Email and physical addresses
Access token for wirecard.com.br
The outcomes of such a data leak are numerous, and they are all bad for the individuals involved. In addition to exposing customers to malicious attacks such as phishing, the leaked data could also be used in identity fraud and further criminal activity. “Exposed details about the backend, as well as keys to servers, could be leveraged to conduct further attacks and allow deeper penetration into existing systems,” the researchers concluded.