Kromtech security researchers discoverd a Mongo Database configurations at a cosmetics company,
Tarte Cosmetics, that exposed almost 2 million of it’s customers to the web.   8.7 Gigabytes of information!  Once Tarte was contacted by the security researchers, they kept the site online and the data accessible for over two days, showing where they value their cyber security.

The data exposed were:

  • Customer name
  • Customer address
  • Customer address
  • Customer email
  • Purchase history
  • Last 4 digits of credit card

The Dates of the history kept were from 2008 until 2017.

The Database was indexed multiple times, including by a Ransomware group by the name of CRU3LTY

If you have purchased from Tarte, it is recommended you contact your credit card company and let them know of this breach and that you may have been a victim.

Security Always Matters.