Experts Comments: Data Leak of 2.5 Million Customers Of Cosmetics Giant Yves Rocher

Cosmetics giant Yves Rocher is warning that a major data leak exposed the personal data of millions of its customers and sensitive internal company information to the public. The data exposure stems from a database left unprotected by a third-party consultant to the firm. Researchers with vpnMentor on Monday said that they discovered an unprotected Elasticsearch server owned by Aliznet, which provides consulting services to large firms including IBM, Salesforce, Sephora and Louboutin.

Anurag Kahol, CTO, Bitglass
September 04, 2019
It does not take much effort for outsiders to find unsecured databases and access sensitive information. In fact, there are now tools designed to detect abusable misconfigurations within IT assets like ElasticSearch databases. Because of these tools (and the continued carelessness of companies when it comes to cybersecurity), abusing misconfigurations has grown in popularity as an attack vector ac ....
Lecio DePaula Jr, FIP, CIPM, CIPP/US, CIPP/C, CIPP/E, Data Privacy Director, KnowBe4
September 04, 2019
In order to prevent data leaks such as this one from happening, organizations need to be proactive in their approach.
It’s unfortunate that a simple database misconfiguration mistake can have such catastrophic results. We see in the industry today the majority of these breaches are caused by a misconfiguration or error, and this one is no different. For companies such as Yves Rocher who contracted with Aliznet, it is a tough situation, because you put trust in your third party contractors to create a secure app ....
George Wrenn, Founder and CEO, CyberSaint Security
September 04, 2019
For both vendors and buyers, though, an integrated approach is critical.
Managing the extensive supply chains that global enterprises rely on today can be a cumbersome process, especially with legacy GRC tools or spreadsheets. From a purchaser perspective, businesses need to be aware and increasingly diligent when it comes to sourcing a vendor, especially when dealing with the sensitive information that we see in this case. For both vendors and buyers, though, an inte ....
