Cosmolog Kozmetik Data Breach: Hundreds of Thousands of Customers impacted

The WizCase experts found a major breach that affected the popular online retailer Cosmolog Kozmetik.

WizCase’s security team, led by Ata Hakçıl, has found a major breach in popular online retailer Cosmolog Kozmetik’s database. This breach exposed users’ names, email addresses, physical addresses, phone numbers, order details, and more. 

Hundreds of thousands of users were compromised in the breach. There was no need for a password or login credentials to access this information, and the data was not encrypted.

What’s Happening?

Cosmolog Kozmetik is a Turkish online retailer and operates on almost all of the major Turkish e-commerce platforms including Trendyol, Hepsiburada, and Unishop. They are owned by Gercek Kozmetik. The company primarily deals in the sale and shipping of beauty products such as skincare and perfume. They also sell other goods under the name “Marketlog.”

Our team of ethical cyber researchers discovered an exposed Amazon S3 bucket belonging to the retailer containing over 9500 files and totalling almost 20GB of data. We tried to reach out to Cosmolog Kozmetik several times but received no response. We contacted the Turkish CERT as well as Amazon (hosting) a few times. At the time of writing, Cosmolog’s website wasn’t accessible.
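A defender-side check for the condition at the heart of this incident, a bucket whose contents can be read without any credentials: this is an added example, not code from WizCase or Security Affairs. It inspects the documents that `aws s3api get-bucket-acl` and `aws s3api get-bucket-policy` return for a bucket; the sample ACL and policy below are constructed.

```python
# Added example (not code from the WizCase report or Security Affairs): flag
# S3 ACL grants and bucket-policy statements that let callers without
# credentials list or download objects. Inputs mirror what `aws s3api
# get-bucket-acl` / `get-bucket-policy` return; sample documents are constructed.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# Actions that let a caller enumerate or download bucket contents.
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:*", "*"}


def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])


def _principal_is_anyone(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def audit_bucket(acl, policy):
    """Return findings as strings; an empty list means no anonymous read path."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            group = grantee["URI"].rsplit("/", 1)[-1]
            findings.append(f"ACL grants {grant.get('Permission')} to {group}")
    for stmt in (policy or {}).get("Statement", []):
        if stmt.get("Effect") != "Allow" or not _principal_is_anyone(stmt.get("Principal")):
            continue
        actions = _as_list(stmt.get("Action"))
        if any(a.lower() in READ_ACTIONS for a in actions):
            # A Condition (source VPC, IP range, ...) may narrow '*'; flag for review anyway.
            note = " (conditional)" if "Condition" in stmt else ""
            findings.append(f"policy {stmt.get('Sid', '<no Sid>')} allows {actions} to *{note}")
    return findings


# Constructed sample: a world-readable ACL plus a public GetObject policy.
SAMPLE_ACL = {"Owner": {"ID": "example-owner"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
```

Running `audit_bucket(SAMPLE_ACL, SAMPLE_POLICY)` reports both the ACL grant and the policy statement; a bucket with S3 Block Public Access enabled would have neither path open.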

What Data Was Exposed?

Pictured: An order registry with Personally Identifying Information redacted.

Pictured: An order registry from different websites with Personally Identifying Information redacted.

Cosmolog Kozmetik’s data breach made accessible over 5400 Excel files, which exposed over 637,000 unique orders made by over 567,000 unique users on multiple e-commerce websites. The leaked order records revealed customers’ names, surnames, physical addresses, and purchase details such as the items purchased and their quantities. However, no payment information such as credit card numbers was found in the data breach.

In some cases, users’ phone numbers and email addresses were exposed too. The user details exposed were dependent on the platform the customer used to purchase items from Cosmolog Kozmetik. The amount of data available by user varies according to what the sites were sharing with Cosmolog. Below is a table of platforms the company operated on and what details were exposed on which platform:

| Website            | Names and Surnames | Physical Address | Email Address | Phone Number | Payment Information |
|--------------------|--------------------|------------------|---------------|--------------|---------------------|
| Cosmolog’s Website | Yes                | Yes              | Yes           | Yes          | No                  |
| Unishop Unilever   | Yes                | Yes              | Yes           | Yes          | No                  |
| N11                | Yes                | Yes              | Yes           | Yes          | No                  |
| GittiGidiyor       | Yes                | Yes              | Yes           | Yes          | No                  |
| Hepsiburada        | Yes                | Yes              | Yes           | No           | No                  |
| Trendyol           | Yes                | Yes              | No            | No           | No                  |

The orders were being updated frequently. The oldest files dated back to September 2019, and the newest were still being updated as we discovered the breach. The bucket also contained over 4000 images, almost all of them product pictures from their website, while others were pictures from cancelled orders (mostly damaged goods) taken by Cosmolog’s staff.

Cosmolog’s parent company, Gercek Kozmetik, has a close relationship with Unishop’s parent company, Unilever. Cosmolog is even listed as a co-responsible on Unishop’s privacy page. This is why there was more information exposed from Unishop than from, say, Hepsiburada and Trendyol.

Pictured: Screenshots of Unishop’s privacy policy with Cosmolog listed as a co-responsible in both Turkish and English.

The greater danger of this breach comes from Cosmolog Kozmetik’s use of multiple e-commerce platforms. Many users on these Turkish sites don’t check the name of the seller when purchasing goods and might not be aware of their exposure. If you purchased goods from Turkish platforms such as Trendyol or Hepsiburada, it is important you check who sold you those products. If you bought any Cosmolog Kozmetik or Marketlog products, you might be at risk.

About the author:

Cybersecurity Research Team

If you want more details about the risks and on how to protect yourself, take a look at the original post:

https://www.wizcase.com/blog/cosmolog-breach-report/

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field and a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US. Pierluigi is a member of the "The Hacker News" team and a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. Author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
