The Swedish company Oriflame is on the market for more than a dozen years. Its policy is closely related to the idea that anyone can be a representative and start sell and advertise their products. The company has gained a lot of employees in the form of representatives because of the broad spectrum of the workers that it’s acquired since the main 2 requirements are:
- Being 14 years old or older
- Having a passport or ID
The job is suitable both for some additional income as well as for building a career and the registration itself can be done simply through the official website of Oriflame. The database of Oriflame’s current and ex employees is enormous by itself and the fact that their products are activity being sold in more than 60 countries, as they are stating in their site, makes the damages specified bellow even more significant.
Around 4TB of their data, containing verification documents of citizens of various countries such as ID cards and passports, was leaked on a well known hacking/data dumping forum.
From the sample of the data it is visible that the IDs are taken right from the profiles of the people in the settings menu.
The database sample contains download pictures from ex and current employees that have applied online and uploaded IDs to confirm their account.
The distributor of the documents had released the total of 4 countries to this date (including Georgia, Kazakhstan, China and India) and claims that he will release the rest in the near future.
Next on his list will be China with what he claims to be 800k more documents.
Furthermore the user is offering the opportunity to prevent the leakage of a certain country by purchasing it directly from him. He also did not state anywhere that he personally beached it, meaning that if he is approached regarding a purchase and prevention of leakage of a certain country this is not a guarantee that the data won’t be distributed elsewhere in the web by someone else.