News

Ikea plugs website security breach

Cliff Saran

Ikea has plugged a major hole in its website security, that allowed hackers and phishers to use the "contact Ikea" function on the site, to access the retail giant's email system.

The security flaw gave hackers and phishers full access to the resources of its email servers, allowing them to send bulk outbound mail via Ikea's email servers.

Geoff Sweeney, chief technology officer of IT security company Tier-3, said, "Ikea's problems were caused because the contact template on the firm's home page was inadequately secured, allowing hackers with criminal intentions to insert alternative e-mail addresses in a contact form.

"This basically allowed anyone with a little technical knowledge to generate millions of phishing and/or spam messages from Ikea's mail servers using a simple script. The potential damage to the company's reputation and possibility of email blacklisting could be significant."





Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy