The Estée Lauder Companies Inc. accidentally left over 440 million records publicly exposed after failing to password-protect a corporate database, according to a researcher who spotted the oversight.

The misconfigured database was found to contain emails in plain text, including those sent from internal email addresses; references to reports and internal documents; and IP addresses, ports, pathways and storage information. Additionally, it stored Production, Audit, Error, CMS and Middleware logs. All in all, a grand total of 440,336,852 was left open for public discovery.

Estée Lauder has stated publicly that consumer information was not stored in the database.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.