Information Security News mailing list archives
Cosmetic giant Yves Rocher hit by data leak exposing 2.5 million customers
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 4 Sep 2019 05:48:16 +0000 (UTC)
https://techerati.com/news-hub/yves-rocher-data-breach-leak-exposed-aliznet-cybersecurity/ By James Orme Techerati September 3, 2019 Yves Rocher hit by wider breach affecting French retail consultancy Aliznet Personal information belonging to customers of companies working with French retail consultancy Aliznet, including 2.5 million customers of cosmetic and beauty giant Yves Rocher, has been exposed in a data leak. The Paris-based consultancy has previously served IBM, Salesforce, Sephora, Louboutin and Inwi, although it is understood the most sensitive data belongs to Canadian customers of Yves Rocher. The exposed database was discovered by vpnMentor on an unprotected Elasticsearch server after researchers working for the VPN review site discovered an unprotected API interface for an application Aliznet created for Yves Rocher. The researchers said the API gave them access to an explorer that hackers could use to add, delete or modify data in the company database. Alongside customer names, phone numbers, email addresses, date of births and zip codes, the records included customer IDs that could be used in combination with six million older Yves Rocher customer orders to identify further customers based on their purchases. The records also included the names of employees who processed each order and the location of the store. [...] -- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Cosmetic giant Yves Rocher hit by data leak exposing 2.5 million customers InfoSec News (Sep 03)