Brazil’s cosmetic giant Natura leaked 192 million records with payment data

It’s a massive security failure by The Natura & Co Group.

The massive security failure by The Natura & Co Group exposed 2 misconfigured AWS databases for weeks to the public.

A multi-billion dollar company based in Sao Paulo, Brazil has been found exposing highly sensitive, personal, and financial data of its customers. What’s worse is that the data was hosted on two misconfigured databases publicly available for anyone to access without any security authentication.

Known as Natura around the world; the company in the discussion is owned by The Natura & Co Group, a global personal care cosmetics group with representation in 73 countries across the globe. The same group owns beauty giants like Aesop, The Body Shop, and Avon.

See: Personal & banking data of 120 million Brazilians leaked online

According to researchers at Safety Detectives who identified the exposed data, both databases contained more than 192 million records. One database hosted records worth 1.3TB while the second database had 272GB of data.

In a report shared with, the researchers revealed the victims of the breach are more than 250,000 Natura customers who shopped using the company’s website. Moreover, 40,000 customers’ Moip (mobile communications over internet protocol) account details belonging to Wirecard with access tokens were also left exposed without any security protocol.


An in-depth analysis from researchers shows that both databases exposed the following information:

  • Gender
  • Full name
  • Nationality
  • Date of Birth
  • Telephone number
  • Previous purchases
  • MOIP account details
  • Mother’s maiden name
  • Welcome email template
  • Username and nickname
  • Email and physical addresses
  • Access token for
  • API credentials including unencrypted passwords
  • login credentials including hashed passwords

However, it didn’t end here. The researchers also identified confidential details related to the company’s cyber infrastructure such as a .pem certificate key along with “client secret.”

“The compromised server contained website and mobile site api logs thereby exposing all production server information. Furthermore, several “Amazon bucket names” were mentioned in the leak including PDF documents referring to formal agreements between various parties,” researchers analysed.

Although 90% of victims in the breach are Brazilians, the good news is that both databases have been secured after researchers contacted Amazon directly, due to the non-serious attitude of Natura who didn’t respond to the researchers in time and left the data exposed for weeks.

Originally, the data was discovered on 12 April 2020, but researchers believe that it was exposed since 26 March 2020.

If you are a Natura customer contact the company and inquire about the breach. Also, this is an ideal situation for hackers who might use the opportunity to conduct phishing scams using the stolen email addresses and pretend to be representatives from the company.

Therefore, watch out for malicious emails, do not click on any link given in the email, and refrain from putting your personal data in response to the email. Such emails can ask for full name, payment card details, PIN code, passwords, physical address, phone numbers, driver license, passport, or national insurance numbers.


Nevertheless, the fact that Natura had its database exposed to the public for weeks is enough to imagine the upcoming damage in case a third-party with malicious intent got their hands on it. As seen recently, cybercriminals have been scanning for exposed databases, stealing the data and selling it on dark web marketplaces, or leaking it on hacker forums for free download.

One such case was reported last month when personal details and phone numbers of 42 million Iranians were exposed on an Elasticsearch server and ended up on the dark web and a hacker forum for sale within days.

In another reported that a misconfigured Elasticsearch server exposed the personal information of 267 million (267,140,436) Facebook users in December 2019. A year later in April 2020, the same database was being sold for $600 (€549 – £492) on a hacker forum.

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.

Related Posts