Ikea plugs website security breach

Ikea has plugged a major hole in its website security, that allowed hackers and phishers to use the "contact Ikea"...

Ikea has plugged a major hole in its website security, that allowed hackers and phishers to use the "contact Ikea" function on the site, to access the retail giant's email system.

The security flaw gave hackers and phishers full access to the resources of its email servers, allowing them to send bulk outbound mail via Ikea's email servers.

Geoff Sweeney, chief technology officer of IT security company Tier-3, said, "Ikea's problems were caused because the contact template on the firm's home page was inadequately secured, allowing hackers with criminal intentions to insert alternative e-mail addresses in a contact form.

"This basically allowed anyone with a little technical knowledge to generate millions of phishing and/or spam messages from Ikea's mail servers using a simple script. The potential damage to the company's reputation and possibility of email blacklisting could be significant."




CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close