MoonPig's API breach could cost its business
Security breaches are frequent news, but fixes are usually implemented in haste to prevent data loss and protect customers. Paul Price, a security researcher, alerted MoonPig to a flaw in its API which allowed attackers to view other customers' payment information and addresses. The fault was left unfixed for 17 months after it was reported, and could be detrimental to MoonPig's business.
In a recent survey conducted by LogRhythm, 56% of respondents said they either won't do business with a company which has suffered a breach, or will at least stop sharing as much information with it in the future. A deciding factor in whether a customer cuts ties altogether will be how the damage control is performed.
Ross Brewer, vice president and managing director for international markets at LogRhythm, says: "For any organisation, and particularly for retail businesses, customers are really the only thing that keeps them going. Showing such flagrant disregard for the safety of their data is unforgivable, and you can be sure many members of the public will see it in the same way."
He continues: "With the security landscape as it is today, there is no excuse for organisations not to have the tools in place to identify risks and fix problems as soon as they are identified. Understanding normal network activity is crucial to ensuring its security, and can severely reduce the time it takes to detect threats. No flaw should take 17 months to rectify, particularly when it's already been identified, and leaving it for so long is asking for trouble – from multiple angles."
Several tools are available to assist developers in detecting and eliminating security flaws, such as those from Coverity and Wandera. Poor programming, which often happens as demands and time constraints increase, can lead to apps leaking information. A simple mistake can have serious consequences, up to and including a cost the business cannot absorb.
Eldar Tuvey, CEO of mobile security company Wandera, says: "Apps using only basic authentication can in some scenarios open up the possibility of a Man in the Middle Attack being staged. Having a multi-layered mobile security solution in place is critical, and utilising algorithms to detect patterns that signal malicious or risky behaviour is proving to be an effective solution."
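The article gives no detail of how the MoonPig API was flawed beyond the fact that an authenticated caller could view other customers' payment information and addresses. The following is an added example, not MoonPig's code or anything from Price's research: a minimal, hypothetical customer-lookup endpoint modelled as plain Python functions. The vulnerable version authenticates the caller with HTTP Basic credentials but then returns whichever record the URL names; the hardened version binds the record to the authenticated identity (an object-level authorization check) and, picking up Tuvey's point above, refuses Basic credentials sent over a plaintext connection, since a Basic header is only base64 and a man-in-the-middle can read it. The customer records, passwords and the `Request` type are constructed for the example.

```python
import base64
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample data standing in for a retailer's customer store
# (hypothetical; not MoonPig's real data or API).
CUSTOMERS = {
    "1001": {"name": "Alice", "address": "1 Example Road", "card_last4": "4242"},
    "1002": {"name": "Bob", "address": "2 Sample Street", "card_last4": "1337"},
}
# Hypothetical per-customer passwords; a real service stores salted hashes.
PASSWORDS = {"1001": "alice-secret", "1002": "bob-secret"}


@dataclass
class Request:
    headers: dict
    customer_id: str        # the record the caller asks for, e.g. /customers/1002
    over_tls: bool = True   # whether the transport was HTTPS


def parse_basic_auth(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """Decode an RFC 7617 'Basic base64(user:pass)' header; None if malformed."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        raw = base64.b64decode(header[len("Basic "):], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None


def authenticate(request: Request) -> Optional[str]:
    """Return the authenticated customer id, or None if credentials are bad."""
    creds = parse_basic_auth(request.headers.get("Authorization"))
    if creds is None:
        return None
    user, password = creds
    if PASSWORDS.get(user) != password:   # use hmac.compare_digest on real hashes
        return None
    return user


def vulnerable_get_customer(request: Request) -> dict:
    """Authenticates the caller, then returns whichever record the URL names:
    any valid customer can read every other customer's address and card data."""
    if authenticate(request) is None:
        return {"status": 401}
    record = CUSTOMERS.get(request.customer_id)
    return {"status": 200, "body": record} if record else {"status": 404}


def hardened_get_customer(request: Request) -> dict:
    """Refuse plaintext transport, authenticate, then enforce that the caller
    may only read their own record (object-level authorization)."""
    if not request.over_tls:
        return {"status": 400, "error": "credentials only accepted over TLS"}
    caller = authenticate(request)
    if caller is None:
        return {"status": 401}
    if caller != request.customer_id:
        return {"status": 403}
    record = CUSTOMERS.get(request.customer_id)
    return {"status": 200, "body": record} if record else {"status": 404}


def basic_header(user: str, password: str) -> str:
    """Build the Authorization header a client would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


if __name__ == "__main__":
    # Bob, a legitimate customer, requests Alice's record.
    bob_asks_for_alice = Request({"Authorization": basic_header("1002", "bob-secret")}, "1001")
    print(vulnerable_get_customer(bob_asks_for_alice))   # leaks Alice's data
    print(hardened_get_customer(bob_asks_for_alice))     # 403
```

The check that matters is the comparison of `caller` against `request.customer_id`: authentication establishes who is calling, but only that comparison decides what they may see, and it is exactly the step a rushed implementation tends to omit.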
Remember that you have a legal obligation to protect your customers' data, and take due care to ensure that faults are fixed as quickly as possible.
Do you use relevant tools to ensure your apps are secure? Let us know in the comments.