Case Study - eCommerce Sector

Maintaining our client’s eCommerce capacity with minimum downtime, giving their customers confidence in the service

A major eCommerce company was made aware that the contents of its customer database had been compromised. The compromise came to light through an online blog owned by a security researcher, who felt the company had been negligent in keeping its customers’ data secure.

7Safe experts attended the client site and identified that their eCommerce website API was misconfigured and allowed malformed queries to be entered. This meant it was possible to obtain other customers’ information, including both personal data and data regarding purchases from the website. We also studied the company’s network and identified a number of security flaws, including logging failures and the ability to navigate the network unhindered. We determined that, collectively, these flaws would give a hacker unfettered access to company and client data while greatly reducing the ability to track such access.

We assisted with the reconfiguration of the website API and trained the company’s website engineers on secure coding practices. We also gave advice on network security and guidance to help them remediate, secure and investigate incidents more efficiently. We conducted further online investigations to establish the ‘hacker’ view of the website vulnerability and so gauge the likelihood of other attacks.

Our involvement allowed the client to maintain their eCommerce capacity with the minimum downtime and in the process give customers confidence that their personal information is being properly protected against hacking threats.

If you require Digital Investigation Services to address a security breach, contact one of our experts today. Or, if you would like to assess your current website's security, click here to find out more about penetration testing.