Maintaining our client’s eCommerce capacity with minimum downtime, giving their customers confidence in the service
A major eCommerce company was made aware that the
contents of its customer database had been compromised.
This information was identified via an online blog owned
by a security researcher who felt the company’s ability to
maintain their customers’ data in a secure manner was
7Safe experts attended the client site and identified that
their eCommerce website API was misconfigured and
allowed malformed queries to be entered. This meant it
was possible to obtain other customer information
including both personal data and data regarding purchases
from the website. We also studied the company’s network
and identified a number of security flaws, including
logging failures, and the ability to navigate the network
unhindered. We determined that collectively this would
enable a hacker to gain unfettered access to company
and client data, with the ability to track such access greatly reduced.
We assisted with the reconfiguration of the website API and
trained the company website engineers on secure coding
practices. We also gave advice on network security and
guidance to assist them to remediate, secure and investigate
incidents more efficiently. We conducted further online
investigations into the ‘hacker’ view of the website
vulnerability to determine the likelihood of other attacks.
Our involvement allowed the client to maintain their eCommerce capacity with the minimum downtime and in the process give customers confidence that their personal information is being properly protected against hacking threats.
If you require Digital Investigation Services to address a security breach, contact one of our experts today. If you would like to assess your current website's security, click here to find out more about penetration testing.