Durex leak reveals customer details

Condom vendor exposes customers.

A website selling Durex condoms in India suffered a data breach that revealed customers' names and orders.

Databreaches.net reported that on March 5 a customer discovered that anyone could view his and other customers' orders on the kohinoorpassion.com website simply by inserting a different order ID number in the URL, with no login required.

Available information included names, addresses, phone numbers and the type of products ordered. The earliest order exposed online dated back to February 2009, though there is no confirmation of how long the customer records might have been accessible without a login. According to the customer's website about the breach, no credit card or financial data were exposed.
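The flaw described above is a missing authentication and ownership check on the order lookup. The sketch below is an added illustration, not code from the article or the affected site: it sets an unchecked lookup beside a hardened one and includes a regression check that lists the orders a session can read but does not own. All names and records are hypothetical and constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Order:
    order_id: int
    customer_id: int
    name: str
    address: str

# Constructed sample records; not data from the incident.
ORDERS = {
    1001: Order(1001, 7, "A. Customer", "1 Example Road"),
    1002: Order(1002, 8, "B. Customer", "2 Example Lane"),
}

class Unauthenticated(Exception):
    pass

class Forbidden(Exception):
    pass

def view_order_unchecked(session, order_id):
    """Pattern the article describes: the order ID is the only thing consulted."""
    return ORDERS.get(order_id)

def view_order(session, order_id):
    """Hardened lookup: require a logged-in session and ownership of the record."""
    if not session or session.get("customer_id") is None:
        raise Unauthenticated("login required")
    order = ORDERS.get(order_id)
    # Same error for "no such order" and "not your order", so the response
    # does not confirm which order IDs exist.
    if order is None or order.customer_id != session["customer_id"]:
        raise Forbidden("order not available")
    return order

def readable_foreign_orders(lookup, session):
    """Regression check: IDs of orders this session can read but does not own."""
    me = (session or {}).get("customer_id")
    leaked = []
    for order_id, order in ORDERS.items():
        try:
            result = lookup(session, order_id)
        except (Unauthenticated, Forbidden):
            continue
        if result is not None and order.customer_id != me:
            leaked.append(order_id)
    return leaked
```

Run as part of a test suite, the check should return an empty list for every session, including the anonymous one.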

The customer said that he contacted TTK-LIG, the marketer of the Durex brand in India and manufacturer of Kohinoor condoms, and SSL International, the owner of the Durex brand worldwide, about the problem and that by the next day, the site appeared to be better secured.

The customer kept a blog of the incident and subsequent legal dealings with TTK-LIG's lawyers.

Amichai Shulman, CTO of Imperva, claimed that victims of data breaches need to look beyond basic vulnerabilities such as SQL injections.

He said: “It is always amazing that companies don't think their site defences will be probed by increasingly sophisticated hackers, let alone inquisitive internet users.

“The fall-out from this saga is that the company has now been severely embarrassed internationally, and that's before any legal or regulatory action is involved. Companies need to wake up and smell the coffee when it comes to website security. A failure to make a modest investment at the development and implementation stages can result in considerably more cost - and damage to reputation - in the longer term.”

See original article on scmagazineus.com

Copyright © SC Magazine, US edition
