Wednesday, May 8, 2024

Brazil’s Cosmetic Brand Natura Found to Have Exposed Its Users’ Personal Details

According to the source, Brazil’s biggest cosmetics company, Natura, was found to have leaked hundreds of gigabytes of its customers’ personal and payment-related information, which was publicly accessible online to anybody without requiring any authentication.

Anurag Sen, the Safety Detective researcher, discovered last month two unprotected hosted servers belonging to Natura, 272 GB and 1.3 TB in size, that held more than 192 million records.

According to the reports, the exposed data includes personally identifiable information on 250,000 Natura customers, their account login cookies, and archives containing logs from the servers and users.

The leaked information also includes Moip payment account details with access tokens for nearly 40,000 wirecard.com.br users who integrated it with their Natura accounts, as reported by The Hacker News.

Anurag said that around 90% of the were Brazilian customers, although other nationalities were also part of

The customer data leaked from the server includes:

  • Full name
  • Mother’s name
  • Nationality
  • Gender
  • Date of birth
  • Hashed login passwords
  • Username and nickname
  • Moip account details
  • API credentials with unencrypted passwords
  • Recent purchases
  • Email and physical addresses
  • Access token for wirecard.com.br

The unprotected server also held a secret permission certificate file containing the key/passwords to the Amazon EC2 server where the Natura website is hosted.


Source: The Hacker News

If exploited, the server key could potentially have allowed attackers to inject a digital skimmer directly into the company’s official website to steal users’ information, including payment details.

According to experts, if you are connected with Natura, you are advised to stay vigilant against identity theft, change your passwords, and keep a close eye on every payment transaction. If you have any doubts, contact the cyber expert team directly.

Researchers have warned that the backend, as well as the keys to the servers, could be leveraged to stage further attacks and to penetrate deeper into the rest of the existing systems.

Afterwards, the experts contacted the Amazon Services company and informed them of the faulty server, and the company immediately secured all servers and sent all server reporting.


Bipin Choudhary (https://vednam.com)
Bipin has been a passionate blogger for several years. He is a Cyber Security Enthusiast, Security Blogger, Technical Writer. He is always eager to know everything about the latest technology development and advancement. Author @ Vednam
