Cyber Incident Victim: Beautyblender

Date: Jul 2017

Location: United States of America

Summary

A makeup vendor experienced a security breach when malware infiltrated its online store and harvested payment information submitted through checkout forms. The incident was discovered after customers reported fraudulent transactions, prompting an investigation that confirmed the presence of malicious code. Because no usable website backups were available, investigators could not establish when the malware was first installed; they could only confirm that it was present by a specific later date. This lack of historical data prevented a comprehensive impact assessment, so the company notified all customers who had transacted via the site about potential exposure and advised them on fraud prevention measures.


Description

In July 2017, Rea.deeming Beauty, Inc., operating as cosmetics retailer Beautyblender, experienced a security breach involving malware on its e-commerce platform. The incident was initially detected after two customers reported fraudulent transactions on credit cards previously used for purchases on Beautyblender’s website. This prompted an investigation involving the company’s web hosting provider, which identified malicious software on the checkout forms designed to harvest payment card details. The web hosting provider discovered the malware in October 2017, and a third-party forensic investigator validated these findings by late November 2017.

The forensic team attempted to establish when the malware was first installed but was blocked by the absence of recent website backups from the hosting provider. The last available backup dated to April 23, 2015, over two years prior to the breach, which made historical analysis impossible further back than July 28, 2017, the earliest confirmed date of malware presence identified through alternative forensic methods.

Beautyblender’s inability to determine the malware’s installation window prior to July 28, 2017, prevented a full assessment of the breach’s scope and severity. Consequently, the company issued breach notifications to all customers who had made purchases through its online store, regardless of transaction date, advising them to monitor for fraudulent activity. The notification, submitted to California’s Office of the Attorney General, outlined steps for customers to protect against identity theft and financial fraud but did not specify the number of affected individuals or cards. No additional technical details regarding the malware’s operation or potential data exfiltration were disclosed. The lack of backups forced Beautyblender to notify its entire customer base despite uncertainty about the attack’s duration or full impact.