International cosmetics brand Yves Rocher found itself caught in a third-party data exposure incident that leaked the personal information of millions of customers.
Cosmetics giant Yves Rocher is warning that a giant data leak exposed the personal data of millions of its customers and reams of sensitive internal company information to the public. The data exposure stems from a database left unprotected by a third-party consultant to the firm.
Researchers with vpnMentor on Monday said that they discovered an unprotected Elasticsearch server owned by Aliznet, which provides consulting services to large firms including IBM, Salesforce, Sephora and Louboutin. The server contained data about international cosmetics and beauty brand Yves Rocher, which is one of Aliznet’s clients, as well as exposing full personal identifiable information of millions of Yves Rocher customers.