Ikea has plugged a major hole in its website security that
allowed hackers and phishers to use the "contact Ikea" function on
the site to access the retail giant's email system.
The security flaw gave hackers and phishers full access to the
resources of its email servers, allowing them to send bulk outbound
mail via Ikea's email servers.
Geoff Sweeney, chief technology officer of IT security company
Tier-3, said, "Ikea's problems
were caused because the contact template on the firm's home page
was inadequately secured, allowing hackers with criminal intentions
to insert alternative e-mail addresses in a contact form.
"This basically allowed anyone with a little technical knowledge
to generate millions of phishing and/or spam messages from Ikea's
mail servers using a simple script. The potential damage to the
company's reputation and possibility of email blacklisting could be
significant."
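
The article does not give the technical details of the flaw, so the following is an added example of the general defence for a contact form, not Ikea's or Tier-3's code: the recipient is a server-side constant and visitor-supplied fields cannot introduce further addresses or headers. The form field names and the example.com addresses are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Assumed placeholder addresses; the recipient is fixed in server configuration.
CONTACT_RECIPIENT = "customer-service@example.com"
FORM_SENDER = "webform@example.com"
MAX_BODY_CHARS = 5000
# Exactly one plain address: no commas, spaces, angle brackets or line breaks.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class RejectedSubmission(ValueError):
    """Raised when a form field could alter recipients or headers."""


def single_line(value, field, limit=200):
    # CR/LF in a header value is how extra headers (Cc, Bcc) get smuggled in.
    if "\r" in value or "\n" in value or len(value) > limit:
        raise RejectedSubmission(field + ": line break or too long")
    return value.strip()


def one_address(value):
    value = single_line(value, "email")
    if not ADDRESS_RE.fullmatch(value):
        raise RejectedSubmission("email: not a single plain address")
    return value


def build_contact_message(form):
    """Build the outbound message from a submitted form (dict of str).

    Any recipient-like field sent by the client ("to", "cc", ...) is
    ignored: the only destination is CONTACT_RECIPIENT.
    """
    visitor = one_address(form.get("email", ""))
    subject = single_line(form.get("subject", ""), "subject")
    body = form.get("message", "")
    if not body.strip() or len(body) > MAX_BODY_CHARS:
        raise RejectedSubmission("message: empty or too long")

    msg = EmailMessage()
    msg["From"] = FORM_SENDER
    msg["To"] = CONTACT_RECIPIENT      # constant, never taken from the form
    msg["Reply-To"] = visitor          # visitor address is used only here
    msg["Subject"] = "[Contact form] " + subject
    msg.set_content(body)
    return msg
```

When handing the message to the mail server, pass the envelope recipient explicitly as `[CONTACT_RECIPIENT]` rather than deriving it from headers, and rate-limit submissions per client so the form cannot be scripted for bulk sending.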