Yves Rocher Data Breach (2019)

Security researchers with vpnMentor recently discovered that retail consultancy firm Aliznet was leaking the data of 2.5 million Canadian Yves Rocher customers via an unsecured Elasticsearch database. The exposed data includes names, phone numbers, email addresses, dates of birth and postcodes. In addition, the researchers found six million customer orders on the leaky server. The orders mentioned a unique customer ID that made it possible to link them to clients in the database. The server also exposed detailed information about the business operations of Yves Rocher that could be of significant value to the cosmetic giant’s competitors.