Estee Lauder is an international cosmetics company based out of Manhattan, New York, that makes 17.7 billion dollars each year. Estee Lauder sells makeup, fragrances, and hair and skin care products and has 22 subsidiaries.
The breach was a public access database that included the email addresses of Estee Lauder customers. "This education platform was not consumer facing, nor did it contain consumer data," the company stated. "We have found no evidence of unauthorized use of the temporarily accessible data."
The breach occurred when the customer list database had no form of password protection. Security researcher Jeremiah Fowler discovered the violation and spent two hours on the phone with Estee Lauder, attempting to contact someone who could help with the breach. "They closed it so fast that I was unable to get a real in-depth look inside many of the folders," he said.
This breach was discovered on January 30th, 2020.
The breach could affect any Estee Lauder customers. The company immediately removed the site from public access and launched an investigation. By the end of the study, there was still no evidence of an unauthorized party within the system.
A total of 440,336,852 people had their emails temporarily available. "The Estee Lauder Companies takes data privacy and security very seriously," it said. "As soon as we became aware, we took immediate action to secure the data and notify appropriate parties."