News broke yesterday that second-hand electronics retailer CeX suffered a massive “online security breach” compromising the personal data and passwords of up to two million customers. The UK retailer said customers’ names, physical addresses, email addresses and phone numbers were compromised in the attack that saw “an unauthorised third party” illegally access its computer systems.
Reacting to this news, Gavin Millard, technical director at Tenable Network Security, said:
“Today’s reality is that sites are often breached with personal data compromised. But having robust protection to that data, such as salting and hashing, in case of a loss should be the standard for any site that stores private information.
Web application flaws can now be effortlessly checked via automated tools and the data behind the applications easy to steal with the right vulnerability available to an attacker. As cyber criminals become more sophisticated, so too do our defences. It’s important that organisations understand their cyber risk on external sites and address the easily exploitable issues before a data loss event occurs.”