7GB Of Personal And Technical Information Leaked From “Avon Products” Cosmetics

Must Read

Avon Products Cosmetics is a huge brand name. But like every other brand, Avon Cosmetics also comes with its fair share of controversies. Last month the researchers of SafetyDetectives discovered an unsecured database. This database belonged to the well-know beauty company Avon. The server was lacking even the minimum security measures. And so it was easy for the investigators to get in. What the investigators found was shocking. Here in this article, we will share with you all the necessary information on the leak. So stay tuned!

“Avon Products” A Treasure Trove Of All Information

Rich search results found on Google when searched for "Avon Products"
Avon leaks personal log-in information and passwords. Image Source: Security Boulevard

The investigators went into the server where they found a trove of information.  There were 19 million records found. It includes technical data of the website and employees’’ personal information. The news did not go viral at first. However, there was a regulatory filing by the company on June 9, 2020. This filing confirms that there was a security data breach accident. The company mentions that “partially affected some systems and interrupted some operations”.

There was a second regulatory filing on July 12, 2020. Here the company states, “after communicating on July 9. It was about the security accident faced” the company is planning to restart. The company reported, “we are planning to restart some of our affected systems throughout our impacted markets. This will be the course for next week”.

SafetyDetectives Make Speculations About The Statements

Rich search results found on Google when searched for "Avon Products"
Avon Products. Image Source: HOTforSecurity-Bitdefender

SafetyDetectives make speculations that the statements given by the company have no link to their discoveries. On July 28, the investigators release a report. They mention that Avon.com had an unprotected server with API logs for both mobile and web sites. This means that there was an exposure of all product information along with refresh OAuth tokens and sign in.

There was 7GB of a data leak on the database. This includes all identifiable personal information and technical information. There were security tokens of more than 40,000. There were also internal longs, server information, and account settings. Besides this, the leak of data also contains information about PIN codes that were sent by SMS. This means the hackers can directly target the IT infrastructure of Avon.

The researchers add, “the hackers can mime cryptocurrency, conduct attacks, plant malware on the server systems”. There is, however, no link between the security breaches mentioned by Avon and the discoveries of the researchers. Yet, they should be following some precautionary measures. Customers and employees of Avon should inspect their accounts online and change their existing passwords.

 

Full Report : https://www.safetydetectives.com/blog/avon-leak-report/

Latest News

Neeraj Dhantewal is grabbing attention on Social Media

Today we will talk about the personality for whom success was never easy. His full name is Neeraj Dhantewal...