Ikea plugs website security breach


Ikea plugs website security breach

Cliff Saran

Ikea has plugged a major hole in its website security, that allowed hackers and phishers to use the "contact Ikea" function on the site, to access the retail giant's email system.

The security flaw gave hackers and phishers full access to the resources of its email servers, allowing them to send bulk outbound mail via Ikea's email servers.

Geoff Sweeney, chief technology officer of IT security company Tier-3, said, "Ikea's problems were caused because the contact template on the firm's home page was inadequately secured, allowing hackers with criminal intentions to insert alternative e-mail addresses in a contact form.

"This basically allowed anyone with a little technical knowledge to generate millions of phishing and/or spam messages from Ikea's mail servers using a simple script. The potential damage to the company's reputation and possibility of email blacklisting could be significant."

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy