Customers of a number of UK clothing and accessories websites have had their personal information exposed following a security breach at an IT services provider the sites shared.
Thankfully the breach was discovered by a white hat hacker rather than malicious hackers. The white hat accessed a server running a shared database that contained the personal details of the online clothing stores’ customers.
In all, the exposed data covered approximately 1.4 million users and included hashed passwords, password salts, names, email addresses, phone numbers and other data.
There was, however, no suggestion that payment card information was at risk.
- Customers of brands such as Jaded London, AX Paris, Elle Belle Attire, Perfect Handbags, DLSB and Traffic People were exposed.
- These companies used web development and ecommerce company Fashion Nexus to help them build their online stores. Fashion Nexus and its sister company, White Room Solutions, have not said why the database was easily accessed.
- White Room Solutions said the breach was via a site that has now been taken down and the flaw has been resolved.
- The company reportedly informed the affected brands and said that it is leaving it up to them to contact their customers about the data being breached, as well as inform the Information Commissioner’s Office (ICO).
Following the implementation of the General Data Protection Regulation in May this year, the ICO has toughened powers to take action against organisations that breach the privacy of customer data. It will be interesting to see what action they take.
This data exposure illustrates just how important it is to take personal responsibility for safeguarding our sensitive data.
You may not have been a user of any of these sites, but security oversights that enable breaches are commonplace. Even today, despite an increased awareness of the need for comprehensive cyber security, many firms make the simplest of mistakes when it comes to securing their systems.
We can take nothing for granted when it comes to protecting our data. Thankfully it was a white hat hacker who discovered the flaw. These people do a sterling job in exposing flaws yet are rarely appreciated. Without them we’d be swimming in a sea of danger whenever our data is collected and stored by companies.