Connect with me on Social Media

Do you like my Blog? Want to stay in touch? I value your comments and insights. Please use the link below to connect with me on social media.

You are more than welcome to leave your comments on the blog or send me an email with your questions and I will try to answer them. You can also request articles by sending an email to me.

THE BODY SHOP, AVON & NATURA ISO 27001 CERTIFIED COMPANIES LEAKED DATA OF 250,000 CUSTOMERS

Just an update from MyBeautyKing on our partner AVON Cosmetics and their recent Cyber Attack on their systems.

Specialists in a cyber security course have reported a new incident involving the personal information of millions of people. A multibillion-dollar company based in Brazil exposed highly sensitive information (personal and financial data) of its customers. According to the reports, the exposed information was hosted in poorly configured databases, making them available to any user.

The company in question, Natura & Co Group, is composed of a global cosmetics production and sales group with a presence in more than 70 countries. This corporation owns firms such as Aesop, Avon, and The Body Shop.

Experts in the cyber security course mention that the data breach involves two databases with more than 190 million records each. One of the exposed deployments stores information equivalent to 1.3 TB, while the second database contained 272 GB.

Thanks to a leaked report, the cybersecurity community was able to learn that more than 250,000 Natura customers have been affected by the data breach. It was also revealed that at least 40 thousand records of Wirecard’s mobile internet communications accounts (MOIPs) were also exposed. Among the information compromised are details such as:

  • Full name
  • Home address
  • Email address
  • Gender
  • Date and place of birth
  • Phone number
  • Purchase history
  • MOIP account details
  • Username and nickname
  • Access token for wirecard.com.br
  • API credentials that include unencrypted passwords
  • Natura.com.br login credentials including hash passwords

The incident was not limited to Natura’s customers. Soon after, experts in the cyber security course confirmed that the data breach also compromised confidential details about the company’s IT infrastructure. “The compromised server contained API logs from the Natura website, so all the information from the production server was exposed,” the experts mention. In addition, the leak also exposed the names of some Amazon buckets, which store PDFs related to agreements between the company and other parties. 

The International Institute of Cyber Security (IICS) recommends that Natura customers consult the company on the measures being taken to address this issue because, due to the nature of the information compromised, they could be exposed to phishing campaigns or identity fraud.

For security, customers should be wary of malicious emails, as well as avoid sharing their personal data online. In these cases it is common for firms to offer identity and banking fraud protection services, although Naturia has not made any more official returns. 

Are you affected?

Only time can tell. We don’t know the full extent of the breach yet. The fact is that all of Avon’s Systems are down and that world-class IT and security specialists are working on them right now. As usual all affected customers, agents and staff will be notified as soon as more details become available. 

How does this affect MyBeautyKing and MyBK customers?

MyBeautyKing customers are not at all affected by this data security breach! We use very good security off and on-site to prevent exactly those things from happening, so I can assure all of my customers that all the data with MyBeautyKing are safe and secure. However, this breach affects the current trading of MyBeautyKing in such a way as we are currently unable to place orders or track deliveries. So any order you place with us at the moment is going to be delayed and it is impossible to say for how many days or weeks this delay is going to happen. all we can say that for the past 10 days it is impossible for us to place new orders, track deliveries or process refunds and returns on the Avon Website.