Avon Products Cosmetics is a well-known brand, but like every other brand it has had its fair share of controversy. Last month, SafetyDetectives researchers identified an unprotected database belonging to the cosmetics company. The server lacked even the most basic security safeguards, so the researchers had no trouble getting in, and what they discovered astounded them. This article covers the important details of the leak.
Global cosmetics giant Avon recently leaked 19 million records, including personal information and technical logs, due to a cloud server configuration error.
SafetyDetectives researchers found that Avon’s Elasticsearch database on Azure servers was publicly exposed and not password protected or encrypted.
In a subsequent report, SafetyDetectives explained, “The vulnerability effectively means that anyone with the server’s IP address can access the company’s open database.”
London-based Avon, which has more than $5.5 billion in annual sales worldwide, had left the 7GB of data exposed for nine days before the security firm discovered it on June 12.
The exposed database contained personally identifiable information (PII) about customers and employees, including full names, phone numbers, birth dates, email and home addresses, and GPS coordinates. Also included were more than 40,000 security tokens, OAuth tokens, internal logs, account settings, and technical server information.
According to SafetyDetectives, while PII can be used for a wide variety of identity fraud and subsequent phishing scams, the exposed technical details also pose a risk to Avon itself.
“Given the type and volume of sensitive information provided, hackers would be able to assume full server control and execute severely damaging actions that could permanently damage the Avon brand, expose ransomware attacks and cripple the company’s payment infrastructure.”
Interestingly, a June 9 filing with the U.S. Securities and Exchange Commission shows Avon referring to “a cyber incident in its information technology environment that disrupted certain systems and partially impacted operations.”
In a second affidavit dated June 12, Avon stated that it was planning to reboot its systems.
SafetyDetectives revealed, “Avon is continuing its investigation to determine the extent of the incident, including the potentially compromised personal data.” “That said, it is not yet possible to anticipate that credit card details will be affected as its main e-commerce site does not store that information.”
The exposure of PII is a cause for concern because it allows cybercriminals to carry out a variety of scams, such as identity fraud and phishing operations. The exposed technical data, particularly the OAuth tokens, poses a significant danger to Avon itself, as a hacker may take complete control of the server, install malware, attack the company’s payment infrastructure, and do irreversible harm.
By using effective virtual machine backup solutions, businesses can ensure that their data is constantly protected from loss or harm. Data in the cloud can be accessed at any time and from any location with an internet connection, making it simple to quickly restore a backup in the case of a disaster. With cloud backup technologies, businesses can quickly create a virtual environment to meet regulatory requirements and back up Hyper-V VMs. Because of the nature of cloud technology, customers can scale as their needs change and pay only for what they use.