Avon Server Leaks User Info and Administrative Data
An unprotected server has exposed more than 7GB of data from the beauty brand.
A research team at SafetyDetectives has discovered an unprotected server for direct-sales beauty company Avon and found more than 7GB of data, including more than 19 million records, open and available with no authorization required.
The information on the server included both critical details about individuals and administrative data, such as OAuth tokens and administrative user names. Between the two types of data, attackers could conduct extensive identity theft operations and gain access to significant administrative capabilities on the server.
According to the researchers, around the time of their discovery in early June, Avon issued a pair of statements indicating that a data breach had occurred and was being remediated as systems were restarted. Avon noted that no financial data was involved in the breach because that data was not stored on the server involved.
Read more here.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024