NeuralPress

NeuralPress AI Verified Insights

Vetted by NeuralPress's Multi-Agent Verifier for strict factual validity and event relevance. Our compliance engine cross-checks and filters search results to ensure zero false correlations or misleading content.

Primary Sources

techcrunch.com
Fashion retailer Express left customers' personal data and order ...

Fashion giant Express has patched its website to fix a security flaw that allowed anyone to view other people’s order details and personal information, TechCrunch has exclusively learned. At least a dozen of Express’ customer orders had been publicly listed in web search engine results.

The security flaw exposed order confirmation pages on Express’ online store, revealing details of purchases and who made them. The exposed information contained customer names, phone numbers and email addresses; postal, billing, and delivery addresses; order details, including the items that a customer purchased; and partial payment card information, including the card type and the last four digits.

Express is a large clothing retailer with hundreds of stores across the United States, Mexico and Latin America. The once-publicly listed company is now run by WHP Global, which also owns several fashion and retail giants.

Rey Bango, a security and privacy advocate, accidentally discovered the flaw after investigating a fraudulent purchase on a family member’s account, but found no way to report the flaw to Express. Bango asked TechCrunch to alert the company in an effort to get the bug fixed.

“When I tried to look up if the order number was a legitimately formatted Express order number using Google, I saw a link to another order and someone else’s order information came up!” Bango told TechCrunch.

TechCrunch verified that one could tweak the order confirmation webpage address to view the order and personal information of other customers. Express uses order numbers that are largely sequential, which makes it easy to potentially cycle through thousands of orders by changing the order number in the web address using automated web tools.

After we contacted Express, the apparel giant fixed the flaw on Wednesday, but would not say if it plans to notify customers of the security lapse.

When reached for comment, Express’ head of marketing Joe Berean told TechCrunch: “We take the security and privacy of customer information seriously and encourage anyone who identifies a potential security concern to contact us directly.”

“Upon becoming aware of this issue, we investigated and continue to review the matter and have no further comment at this time,” said Berean.

Berean would not say how customers could contact the company, nor detail if the company has plans to update its website to receive reports of security flaws, such as a vulnerability disclosure program. He did not say if...

hypernode.com
What is the True Cost of a Data Breach in E-Commerce

In short: far more than you’re willing to risk. Data breaches in e-commerce are becoming more prevalent. Which is a big worry. Plus, they’re no longer just a “big company” problem either. Whether you’re a boutique furniture store selling a couple of pieces a month or a huge corp shifting tens of thousands of units a month, you’ve got to be vigilant. Smaller stores, I’m talking to you directly now; a single vulnerability might not just be an “oh no” hiccup, it’s a potential game over for your business.

Data breaches often result in the immediate loss of capital, the compromise of sensitive customer data, and the destruction of a brand’s reputation. Meaning they risk breaking one of the most difficult things for any business to build or rebuild: customer trust.

Before we look at the true cost of a data breach, we need to understand exactly what a data breach is. At its simplest, a data breach is any incident where sensitive, protected, or confidential data is copied, transmitted, viewed, or stolen by someone unauthorised to do so. In e-commerce specifically, this involves the exposure of Personally Identifiable Information (PII) and financial data. Data breaches occur through intentional cyberattacks, internal malicious actors, or simply (and very commonly) human error.

Types of E-commerce Data Breaches

Did you know that e-commerce faces near-constant cyber threats? As online shopping grows in popularity, attacks are becoming more frequent, more severe, and, thus, harder to stop. The most common data breaches are:

Stolen Information (Data Exfiltration): The unauthorised transfer of data from a server. Hackers target databases containing customer names, emails, and encrypted or plain-text payment tokens.

Password Guessing (Brute Force & Credential Stuffing): Automated attacks that use trial-and-error to guess administrative passwords or use leaked credentials from other platforms to gain access to customer accounts.

Phishing: Social engineering attacks targeting employees to obtain login credentials or install malicious software on the company network.

Malware and Viruses: Malicious code designed to infect systems to record keystrokes, capture screen data, or create “backdoors” for persistent access to the server.

SQL Injection (SQLi): An attack that inserts malicious SQL code into input fields (such as search bars or contact forms) to manipulate the database and force it to reveal restricted data.

Cross-Site Scripting (XSS): Injecting malicious scripts int...

reuters.com
Cybersecurity | Latest Cyber Security News | Reuters

Find latest cybersecurity news from every corner of the globe at Reuters.com, your online source for breaking international news coverage.

securityonline.info
Daily CyberSecurity

Securityonline is a huge security community. It is committed to the sharing of high-quality technical articles and safety reports, focusing on high-quality security and security incidents in the industry.
