Researchers from MacKeeper’s Security Research Centre have discovered that Avon left some 620,000 Brazil-based records exposed on the internet for months, opening up the potential for cybercrime.

A database with 4.2GB of data that was left without password protection online for months was discovered in May last year, however, it has only recently come to light. Emails, addresses, phone numbers and website passwords were left open, according to Chris Vickery, MacKeeper’s security researcher.

Speaking to, Vickery said, “Having weak security or a misconfigured database is bad enough, but ignoring multiple notices with screenshots and other proof is irresponsible and risking customer data.”

It seems the website went offline around the same time ransomware attacks hit public MongoDB databases. It is not clear whether the affected consumers have been made aware of the situation.