Report: Aliznet Data Breach Exposes Data for Millions of Canadian Customers


Report: Aliznet Data Breach Exposes Data for Millions of Canadian Customers (Sep 3, 2019)

Alizent, a French consulting company, has suffered a data breach that resulted in Personally Identifiable Information (PII) and other forms of sensitive information being exposed. Yves Rocher, an international cosmetics and beauty company, customers’ full PII, order records, and private internal records were all viewable by researchers. The PII was identified to be belong to approximately 2.5 million Yves Rocher customers, as well as six million order records. Other data includes internal client data such as turnover, and order volumes, among others. A vulnerability in an Elasticsearch server API interface was also identified that could result in anyone with access to an employee ID, such as those exposed in the leak.

Recommendation: Leaks of this sort may cause affected individuals to be at a greater risk of phishing attacks. Actors can use this information to craft custom emails to increase their chances of malicious activity being approved by the recipient. Individuals who have accounts associated to this incident should change their passwords as soon as possible, particularly if passwords for said accounts are the same to other online accounts. Individuals should also regularly monitor their credit reports for suspicious activity or consider an identity theft protection service.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.