Ikea has plugged a major hole in its website security, that allowed hackers and phishers to use the "contact Ikea" function on the site, to access the retail giant's email system.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The security flaw gave hackers and phishers full access to the resources of its email servers, allowing them to send bulk outbound mail via Ikea's email servers.
Geoff Sweeney, chief technology officer of IT security company Tier-3, said, "Ikea's problems were caused because the contact template on the firm's home page was inadequately secured, allowing hackers with criminal intentions to insert alternative e-mail addresses in a contact form.
"This basically allowed anyone with a little technical knowledge to generate millions of phishing and/or spam messages from Ikea's mail servers using a simple script. The potential damage to the company's reputation and possibility of email blacklisting could be significant."