440,336,852 documents exposed in Estée Lauder hack
Estée Lauder has seen more than 440 million internal records exposed in a massive data breach, according to reports from Security Discovery.
A cyberattack exposed 440,336,852 records containing swathes of internal emails in the latest instance of a major hack on a retailer.
Despite the large quantity of data jeopardised in the attack, Estée Lauder says no there was no evidence consumer records or payment details were at risk.
The cosmetics giant also assured consumers and its subsidiary brands that most of the data came from an internal “education platform”.
Security experts did warn that millions of documents related to ‘middleware’, which could enable hackers to access more sensitive data in future.
“There were millions of records pertaining to middleware that is used by the Estée Lauder company,” Security Discovery’s data analyst Jeremiah Fowler, who discovered the breach, said.
“Middleware is software that provides common services and capabilities to applications outside of what’s offered by the operating system. Data management, application services, messaging, authentication, and API management are all commonly handled by middleware.
“Another danger of this exposure is the fact that middleware can create a secondary path for malware, through which applications and data can be compromised. In this instance anyone with an internet connection could see what versions or builds are being used, the paths, and other information that could serve as a backdoor into the network.”