It’s been revealed that a misconfigured cloud server at global cosmetics brand Avon was recently discovered leaking 19 million records including personal information and technical logs.
It’s been revealed that a misconfigured cloud server at global cosmetics brand Avon was recently discovered leaking 19 million records including personal information and technical logs.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
This is another example of a big name playing fast and loose with the sensitive data of their customers, and the scale of this leak is particularly embarrassing for Avon. It is simply unacceptable that a database of this size was left exposed with no password protection or encryption.
The leaked information – including phone numbers, dates of birth and home and email addresses – provides hackers with everything they need to launch a multitude of sophisticated and targeted attacks. Cyber criminals only need to be given an inch and they will take a mile, and the company has certainly left itself and its customers in a vulnerable position. Besides the potential cyber security ramifications, as customers’ home addresses have been exposed, their physical safety could also be at risk.
As these leaks continue to take place, the onus is on businesses of all sizes to ensure that they have visibility and control over the data of their customers. It’s crucial that organisations adopt a multi-layered approach to security and implement the appropriate technologies correctly to keep these databases secure.