Security researchers have found a major data breach at cosmetics giant Sephora. The research team, led by Aaron Phillips, can confirm that nearly half a million customers’ personal data was unsecured online. Sephora is a gigantic French cosmetics store with many locations in the United States, and it is also trying to gain a foothold in Europe and the Netherlands.
Affected users are members of the pre-2019 Sephora rewards program. We analyzed the leak and created a timeline of events.
What data was exposed?
The following personal data were found during the data breach:
- Card numbers matching Sephora Beauty Inside Account numbers
- Full names
- Email addresses
- Phone numbers
- Sephora rewards points
The data was exposed when Sephora exported information from their database and stored it on the Amazon cloud.
Our team took screenshots, and a small snippet of the data that was discovered can be seen above. Sephora sealed the leak after a few days. As you can see, there was personal information in the fields full name, email, card_numbers, and phone_number.