Natura exposes personal details of its usersChristian Fernsby ▼ | May 20, 2020
Brazil's biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers' personal and payment-related information publicly accessible online that could have been accessed by anyone without authentication.
According to the report Anurag shared with The Hacker News, the exposed data includes personally identifiable information on 250,000 Natura customers, their account login cookies, along with the archives containing logs from the servers and users.
Worryingly, the leaked information also includes Moip payment account details with access tokens for nearly 40,000 wirecard.com.br users who integrated it with their Natura accounts.
"Around 90% of users were Brazilian customers, although other nationalities were also present, including customers from Peru," Anurag said.
"The compromised server contained website and mobile site API logs, thereby exposing all production server information. Furthermore, several 'Amazon bucket names' were mentioned in th ■