Natura, a provider of personal care and beauty products, suffered a data breach which compromised the personal information of more than 250,000 customers. The Brazilian cosmetics firm unknowingly leaked the personal information of customers who had ordered products from its official website.
Security firm SafetyDetective discovered two unsecured Amazon-hosted servers, 272GB and 1.3TB in size, that belong to Natura. The unprotected servers contained more than 192 million records.
The unprotected server also held a secret Privacy Enhanced Mail (PEM) file that contained the password to an Amazon cloud-based server on which the Natura website is hosted. If exploited, it could have allowed an attacker to install a digital card skimmer on the company’s website to steal users’ payment card details in real time.
It was also found that payment information of 40,000 customers, related to the third-party company Wirecard, was affected in the incident. Though the data breach was first discovered on April 12, 2020, researchers at SafetyDetective stated that they were able to confirm that hundreds of gigabytes of information had been exposed since March 26, 2020.
“Since the data leak was discovered and Natura being informed, the size of the data leak has been reduced from 272GB to 27.2GB, according to server logs — this is a strong indication of purposeful impropriety aimed at concealing the severity of the leak. For example, an ill-intentioned hacker removing a precise number of records to conceal their actions,” SafetyDetective said in a statement.
According to SafetyDetective, the exposed data includes personally identifiable information (PII) of customers such as name, mother’s maiden name, date of birth, nationality, gender, hashed login passwords with salts, username, and nickname. The other valuable data leaked in the incident includes MOIP account details, API credentials with unencrypted passwords, recent purchases, telephone numbers, email and physical addresses, an access token for wirecard.com.br, account login cookies, and archives containing logs from the servers.
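Two of the items above, the stray PEM file and the API credentials stored with unencrypted passwords, are the kind of artefact a data owner can catch before an export ever lands on a public-facing server. The Python below is an added defender-side example, not code from the article, from Natura or from SafetyDetective: it takes a mapping of storage object names to their text content (as you would assemble from a bucket listing with your cloud provider's SDK) and flags PEM private-key headers, plaintext credential lines and AWS-shaped access key IDs. The object names, contents and the `AKIA...` value are constructed samples, and the regular expressions are heuristics, not an exhaustive secret scanner.

```python
"""
Scan a set of storage objects for artefacts that should never sit in a
customer-data export: PEM private keys and plaintext credentials.
Added example; all object names and contents below are constructed.
"""
import re
from typing import Dict, List

# Matches the textual header of any PEM-encoded private key
# (RSA, EC, OpenSSH, PKCS#8 all start with "-----BEGIN ... PRIVATE KEY-----").
PEM_PRIVATE_KEY = re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----")

# Matches "key=value" or "key: value" lines whose key name suggests a secret.
PLAINTEXT_CREDENTIAL = re.compile(
    r"(?im)^\s*(?P<key>[A-Z0-9_.-]*(?:password|passwd|secret|api[_-]?key|token)[A-Z0-9_.-]*)"
    r"\s*[:=]\s*(?P<value>\S+)"
)

# Shape of an AWS access key ID (AKIA followed by 16 uppercase alphanumerics).
# The sample below uses that shape only; it is a constructed value, not a real key.
AWS_ACCESS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")


def scan_object(name: str, content: str) -> List[dict]:
    """Return one finding per sensitive artefact detected in a single object."""
    findings: List[dict] = []
    if PEM_PRIVATE_KEY.search(content):
        findings.append({"object": name, "type": "pem_private_key"})
    for m in PLAINTEXT_CREDENTIAL.finditer(content):
        # Report the key name only; never echo the secret value into logs.
        findings.append({"object": name, "type": "plaintext_credential", "key": m.group("key")})
    for _ in AWS_ACCESS_KEY_ID.finditer(content):
        findings.append({"object": name, "type": "aws_access_key_id"})
    return findings


def scan_objects(objects: Dict[str, str]) -> List[dict]:
    """Scan every object in {object_key: text_content}, in name order."""
    findings: List[dict] = []
    for name in sorted(objects):
        findings.extend(scan_object(name, objects[name]))
    return findings


# Constructed sample "bucket": a harmless CSV export, a stray PEM key and an
# environment file with plaintext credentials. None of this is real data.
SAMPLE_OBJECTS: Dict[str, str] = {
    "exports/customers-2020-03.csv": "id,name,email\n1,Jane Doe,jane@example.invalid\n",
    "deploy/webserver.pem": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "MIIEpAIBAAKCAQEA...constructed...\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
    "config/app.env": (
        "DB_HOST=db.internal\n"
        "DB_PASSWORD=hunter2\n"
        "PAYMENT_API_KEY=sk_test_constructed_value\n"
        "AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00\n"
    ),
}

if __name__ == "__main__":
    for finding in scan_objects(SAMPLE_OBJECTS):
        print(finding)
```

Run against the sample bucket, the scan reports nothing for the CSV export, one `pem_private_key` finding for `deploy/webserver.pem`, and three findings for `config/app.env` (two plaintext credential keys and one access-key-shaped string). Wiring this into the pipeline that stages exports, and failing the job on any finding, turns the kind of exposure described above into a blocked deployment rather than a breach.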
After the discovery, SafetyDetective immediately reported the incident to Natura, and the unprotected server has since been secured. “Instances of personally identifiable information being exposed could potentially lead to identity theft and fraud since they can be used by attackers for identification in various sites and locations. The risk of phishing and phone scams is also raised by the Natura data leak,” SafetyDetective added.