Our security team, led by Anurag Sen, discovered Avon.com's US server without encountering any security measures or protection.
The vulnerability effectively means that anyone possessing the server's IP address could pull up the company's open database.
Who is Avon.com?
Data breach shows various details regarding over 40,000 security tokens
However, the company is headquartered in London, UK.
Coincidentally, Natura & Co was embroiled in its very own cybersecurity debacle in April this year.
The transaction created the world's fourth-largest pure-play beauty company that intends to court millions of customers worldwide.
What was leaked?
Therefore, users must generate refresh tokens to obtain a new OAuth token.
At last count, Avon.com's database contained over 7 GB of data and more than 19 million document records.
Log showing OAuth tokens and access tokens
First and foremost, exposed details could potentially be used to conduct identity fraud across different platforms and institutions.
About Us
SafetyDetectives.com is the world's largest antivirus review website.
Published on: Jul 28, 2020
Internal log showing internal employee details