Incident Of The Week: Security Researcher Uncovers 440 Million Records From Estée Lauder

A example of how responsible disclosure can help secure a business. It makes me wonder what measures are in place to identify if/when the data that was exposed is being used in the wild…:

[…] In late January, a non-password protected database containing more than 440 million records was discovered by security researcher Jeremiah Fowler. After further review, it was determined to be connected to New York-based cosmetic company Estée Lauder. The company was sent a responsible disclosure notice and restricted public access to the database on the same day that it was notified.

“The database appeared to be a content management system that contained everything from how the network is working to references to internal documents, sales matrix data, and more,” Fowler said. The email addresses were assumed to be part of a digital commerce or online sales activity used in a middleware system.


Original article here