Estee Lauder Exposes 440 Million Users’ Personal Information, Including Email Addresses And Network Statistics

Estee Lauder

The rapid expansion of big data, the Internet, and 5G not only provides mankind with limitless development potential, but it also creates a high number of data leakage occurrences. Estee Lauder’s official server was recently hacked, resulting in data leaking from its unencrypted cloud database, which contains hundreds of millions of client records and internal logs, according to security analysts.

Estee Lauder’s cloud server middleware was infiltrated, according to the researchers, and did not provide a secondary avenue for attackers and malware to enter Estee Lauder’s applications and user data.


According to security researchers, the data breach event exposed a total of 440,336,852 sensitive user data, many of which pertain to vital privacy information such as users’ unencrypted email addresses. Estee Lauder’s domain name @ Estee Lauder is even more crucial. Under com, there is also an internal email address. Log entries from Estee Lauder’s content management system (CMS) and server middleware activity are also included in the leaked data. According to current forensic evidence from security researchers, neither user payment data or employee sensitive information was revealed in the data exposure event.

The safety researchers noted in their safety report: “Estee Lauder has been a household name for almost 70 years, with an expected sales of $14.763 billion in 2019. As a result, it’s only natural that the company’s activities involve a huge data set or database. We are only now learning about this data breach, which involves a substantial number of customer e-mail addresses. She immediately told Estee Lauder of the situation after that. According to statistics, this data breach exposed 440,336,852 sensitive user records.”

The majority of the disclosed data, according to security specialists, can prepare attackers for large-scale network attacks in the future because it has finished the early network reconnaissance stage’s task. The attacker can use the IP address, port, path, and storage information of Estee Lauder’s network server, for example, to draw Estee Lauder’s internal LAN or external network (WAN) structure, as well as the middleware details used by the company to connect various data generation devices, from the leaked log records.

These data management front-ends must realize their functions across numerous internal systems, application services, communications, identity verification, and API administration, and middleware is often responsible for activities such as providing consistency front-end structure.

Malware can use exposed or unprotected middleware as an extra infiltration channel, allowing the attacker to infiltrate the target application or steal data. In this situation, any networked user can see the target machine’s current system or software version, as well as the path address and other information that could be exploited as a network back door.

In today’s Internet, database leakage due to incorrect configuration is all too typical, and many huge companies that keep a lot of data can’t be “avoided and difficult.” For example, a misconfiguration in Microsoft’s cloud database resulted in the leakage of 250 million data records for up to 25 days in January of this year. Some of the data and user accounts that have been disclosed date back to 2005, while the most recent user data dates from December 2019. As a result of the data exposure, consumers would undoubtedly be subject to phishing attacks and online fraud.

Most businesses believe that data backup is merely insurance in case of a problem. Today, we must always consider it to be a strategic asset. A growing number of ransomware attacks target enterprise backup data. Vinchin’s backup for virtual machines service is the final line of defense to assist businesses build data protection.

Backup and Recovery by Vinchin Provides oVirt backup and restoration, as well as virtual machine backup, for your full VMware vSphere environment in standalone ESXi or vCenter-managed hosts.

The product setup aids in the creation of an inside and out assurance plan to completely ensure the security of your strategic business information by applying a variety of implicit, easy-to-use reinforcement and restore functions. With a 60-day trial (unlimited Enterprise Edition) and no Visa required, Vinchin can help you to backup oVirt.