Tuesday, March 9, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Brazil’s Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users

May 20, 2020
in Internet Privacy
Brazil’s Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users
585
SHARES
3.2k
VIEWS
Share on FacebookShare on Twitter

Brazil’s biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers’ personal and payment-related information publicly accessible online that could have been accessed by anyone without authentication.

SafetyDetective researcher Anurag Sen last month discovered two unprotected Amazon-hosted servers—with 272GB and 1.3TB in size—belonging to Natura that consisted of more than 192 million records.

You might also like

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

Microsoft Exchange Cyber Attack — What Do We Know So Far?

Iranian Hackers Using Remote Utilities Software to Spy On Its Targets

According to the report Anurag shared with The Hacker News, the exposed data includes personally identifiable information on 250,000 Natura customers, their account login cookies, along with the archives containing logs from the servers and users.

Worryingly, the leaked information also includes Moip payment account details with access tokens for nearly 40,000 wirecard.com.br users who integrated it with their Natura accounts.

“Around 90% of users were Brazilian customers, although other nationalities were also present, including customers from Peru,” Anurag said.

“The compromised server contained website and mobile site API logs, thereby exposing all production server information. Furthermore, several ‘Amazon bucket names’ were mentioned in the leak, including PDF documents referring to formal agreements between various parties,” Anurag said.

More precisely, the leaked sensitive personal information of customers includes their:

  • Full name
  • Mother’s maiden name
  • Date of Birth
  • Nationality
  • Gender
  • Hashed login passwords with salts
  • Username and nickname
  • MOIP account details
  • API credentials with unencrypted passwords
  • Recent purchases
  • Telephone number
  • Email and physical addresses
  • Access token for wirecard.com.br

Besides this, the unprotected server also had a secret .pem certificate file that contains the key/password to the EC2 Amazon server where Natura website is hosted.

If exploited, the key to the server potentially could have allowed attackers to directly inject a digital skimmer directly into the company’s official website to steal users’ payment card details in real-time.

“Exposed details about the backend, as well as keys to servers, could be leveraged to conduct further attacks and allow deeper penetration into existing systems,” the researcher warned.

SafetyDetective tried reporting its researcher’s findings directly to the affected company last month but failed to receive any response on time, after which it contacted Amazon services, who then asked the company to secure both the servers immediately.

At the time of writing, it’s unknown if the unprotected servers and the sensitive data stored on them were also accessed by a malicious actor before they went offline.

So, if you have an account with Natura, you are advised to stay vigilant against identity theft, change your account password and keep a close eye on your payment card transactions for signs of any suspicious activity.

“Instances of personally identifiable information being exposed could potentially lead to identity theft and fraud since they can be used by attackers for identification in various sites and locations,” the researcher added. “The risk of phishing and phone scams is also raised by the Natura data leak.”


Credit: The Hacker News By: noreply@blogger.com (Unknown)

Previous Post

Microsoft Build brings announcements for cloud data, analytics services, and intersection of the two

Next Post

WolfRAT targets WhatsApp, Facebook Messenger app users on Android devices

Related Posts

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks
Internet Privacy

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

March 9, 2021
Microsoft Exchange Cyber Attack — What Do We Know So Far?
Internet Privacy

Microsoft Exchange Cyber Attack — What Do We Know So Far?

March 9, 2021
Iranian Hackers Using Remote Utilities Software to Spy On Its Targets
Internet Privacy

Iranian Hackers Using Remote Utilities Software to Spy On Its Targets

March 8, 2021
Researchers Find 3 New Malware Strains Used by SolarWinds Hackers
Internet Privacy

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

March 6, 2021
Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories
Internet Privacy

Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories

March 6, 2021
Next Post
WolfRAT targets WhatsApp, Facebook Messenger app users on Android devices

WolfRAT targets WhatsApp, Facebook Messenger app users on Android devices

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Operationalizing AI – Introduction to the ModelOps Pipeline
Data Science

Operationalizing AI – Introduction to the ModelOps Pipeline

March 9, 2021
SCA invests in Australian AI and machine learning company
Machine Learning

SCA invests in Australian AI and machine learning company

March 9, 2021
How Image Annotation Helps in AI Development for Agriculture Sector? | by ANOLYTICS
Neural Networks

How Image Annotation Helps in AI Development for Agriculture Sector? | by ANOLYTICS

March 9, 2021
Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks
Internet Security

Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks

March 9, 2021
Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks
Internet Privacy

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

March 9, 2021
How to Begin Using DevSecOps for your Team
Data Science

How to Begin Using DevSecOps for your Team

March 9, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Operationalizing AI – Introduction to the ModelOps Pipeline March 9, 2021
  • SCA invests in Australian AI and machine learning company March 9, 2021
  • How Image Annotation Helps in AI Development for Agriculture Sector? | by ANOLYTICS March 9, 2021
  • Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks March 9, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates