Tarte Cosmetics Data Breach

This week, the Alert Logic team highlights the Tarte Cosmetics Data Breach and the New Reaper IoT Botnet. Read the full report to learn more and get access to the week’s Top Malicious IP addresses.

Data Breach

Tarte Cosmetics Data Breach

Tarte Cosmetics, a cruelty-free cosmetics brand carried by major retailers like Sephora and Ulta, exposed the personal information of nearly two million customers via two unsecured MongoDB databases.

The databases were publicly accessible and included customer names, email addresses, mailing addresses, and the last four digits of credit card numbers of customers who apparently shopped on Tarte’s website between 2008 and 2017.

References: Tarte Cosmetics Data Leak: Cru3lty Hackers Get Hold of Nearly 2 Million Customers' Data Left Exposed | Tarte Cosmetics Allegedly Compromised 2 Million Customers’ Information | Cruelty-Free Cosmetics Brand Tarte Exposes Personal Data of 2 Million Customers

Mitigation Strategies:

Malware

New Reaper IoT Botnet

A little over a month ago, a sizable botnet of infected Internet of Things devices began appearing on the radar of security researchers. Now, just weeks later, it's on track to become one of the largest botnets recorded in recent years.

The botnet, dubbed "Reaper" by researchers, is said to have ensnared almost two million internet-connected webcams, security cameras, and digital video recorders (DVRs) in the past month.

References: Get Ready for the ‘Reaper’ Botnet: It’s Already Infected Over a Million Devices | Reaper Botnet Threatens Millions of IoT Devices | Hackers Prepping IOTroop Botnet with Exploits

Mitigation Strategies:

This Week's Suspicious IP Addresses

45.32.111.95 173.46.86.6
177.190.184.1 188.209.52.62
185.165.29.171 1.0.154.39

*IP addresses provided by Recorded Future.