According to the source, Natura, Brazil's biggest cosmetics company, was found to have leaked hundreds of gigabytes of its customers' personal and payment-related information, which was publicly accessible online to anybody without any authentication.
Anurag Sen, a researcher at Safety Detective, discovered last month two unprotected hosted servers belonging to Natura, 272 GB and 1.3 TB in size, holding more than 192 million records.
According to the reports, the exposed data includes personally identifiable information on 250,000 Natura customers, their account login cookies, and archives containing logs from the servers and users.
The leaked information also includes Moip payment account details and tokens for nearly 40,000 wirecard.com.br users who integrated it with their Natura accounts, as reported by The Hacker News.
Anurag said that around 90% of them were Brazilian customers, although other nationalities were also part of
The customer information leaked from the server includes:
- Full name
- Mother's name
- Nationality
- Gender
- Date of birth
- Hashed login passwords
- Username and nickname
- MOIP account details
- API credentials with unencrypted passwords
- Recent purchases
- Email and physical addresses
- Access token for wirecard.com.br
The unprotected server also held a secret permission certificate file containing the key/passwords to the Amazon EC2 server where the Natura website is hosted.
Source: The Hacker News
If exploited, the server key could potentially have allowed attackers to inject a digital skimmer directly into the company's official website to steal all of the users' information, including payment details.
According to experts, if you are connected with Natura you are advised to stay vigilant against identity theft, change your passwords, and keep a close eye on every payment transaction. If you have any doubts, contact the cyber expert team directly.
Researchers have always warned that the backend, as well as the keys to servers, could be leveraged to mount further attacks and allow attackers to penetrate deeper into the rest of the existing systems.
Afterwards, the experts contacted Amazon Services Company and informed it about the faulty server, and the company immediately secured all servers and sent all server reports.