Amazon Hit by a Major Data Breach Days Before the Multi-Billion-Dollar Shopping Day – Black Friday

Last Update: September 10, 2021

A couple of days before Black Friday, Amazon suffered a significant data breach, which resulted in customer names and email addresses being disclosed on its website.

It has come as a major surprise, especially to customers, even as the e-commerce giant admitted in a statement to having emailed those affected. However, the company has declined to give more information about the affected individuals and their respective locations.

According to the firm, this was not a breach of its website or systems. It was a technical glitch that accidentally displayed customer names and email addresses on its site.

“We have fixed the issue and informed customers who may have been impacted,” Amazon declared in a press statement.

In an email informing the affected customers, Amazon wrote: “Our website inadvertently disclosed your email address or name and email address due to a technical error. The issue has been fixed. It is not a result of anything you have done, and there is no need for you to change your password or take any other action. The impacted customers have been contacted.”

The firm further added that: “Amazon takes all security-related matters very seriously, and your account security is our top priority. We have policies and security measures in place to ensure that your personal information remains secure.”

The news did customers no good, especially given its timing: many had already started feeling the excitement of the approaching Black Friday, the few days of the year with the best market deals.

According to Amazon, there should be no significant cause for concern for customers, a statement that does not convince all the experts.

For instance, Richard Walters, the chief technical officer of cybersecurity firm CensorNet, told those affected to ignore Amazon’s advice and consider changing their passwords.

We live in a society where technology develops every second, and thousands of threats come along with it at about the same pace. As a precautionary measure, here are further security steps you should take to protect your account from such occurrences in the future.

Monitor Your Passwords

Time and again, we are advised to use complex passwords. Often, however, we do not follow that advice until such misfortunes befall us. It is crucial always to create strong passwords.

As much as you may not like it, embracing strong password requirements, such as a minimum of around eight characters with uppercase letters and numbers included, will help to protect your account information in the long run.

Avoid Unnecessary File Uploads

We upload files to websites through our personal accounts without knowing how the sites will protect them. Such files could contain a script that, when executed on the server, leaves your account completely vulnerable to hackers’ activities.

Some simple yet effective precautionary options include renaming the file when you upload it, ensuring the correct file extension, or changing the file permissions.

Ultimately, the recommended solution is to deny direct access to uploaded files altogether. This way, any data uploaded to your website is stored in a folder outside of the webroot or in the database as a blob.
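The upload precautions described above (renaming the file, checking the extension, restricting permissions, storing outside the webroot), combined in one handler as an added example that is not code from the original article. The function and exception names, the extension allowlist, the size limit and the magic-byte check (which goes one step beyond the extension check the article mentions) are assumptions made for illustration.

```python
import os
import secrets
import tempfile
from pathlib import Path

# Assumed policy (constructed for this example): allowed extension -> leading magic bytes.
ALLOWED = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".pdf": b"%PDF-"}
MAX_BYTES = 5 * 1024 * 1024


class UploadRejected(Exception):
    """Raised when an upload fails validation."""


def store_upload(client_name: str, data: bytes, storage_dir: Path, webroot: Path) -> Path:
    """Validate an upload and save it under a server-chosen name outside the webroot."""
    storage_dir, webroot = storage_dir.resolve(), webroot.resolve()
    if storage_dir == webroot or webroot in storage_dir.parents:
        raise UploadRejected("storage directory must be outside the webroot")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # Only the final extension of the client-supplied name is kept; the rest is discarded.
    ext = os.path.splitext(client_name)[1].lower()
    magic = ALLOWED.get(ext)
    if magic is None:
        raise UploadRejected(f"extension {ext!r} is not allowed")
    if not data.startswith(magic):
        raise UploadRejected("content does not match the claimed extension")
    # Rename: a random server-side name means the client never controls the path.
    dest = storage_dir / (secrets.token_hex(16) + ext)
    # O_EXCL refuses to overwrite; mode 0o600 is owner read/write with no execute bit.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


if __name__ == "__main__":
    base = Path(tempfile.mkdtemp())
    webroot, storage = base / "www", base / "uploads"
    webroot.mkdir()
    storage.mkdir()
    # Constructed sample uploads: a real PNG header, and PHP source posing as an image.
    samples = [("../../evil.png", b"\x89PNG\r\n\x1a\n" + b"pixels"),
               ("shell.php", b"<?php"), ("shell.php.png", b"<?php")]
    for name, body in samples:
        try:
            print(name, "->", store_upload(name, body, storage, webroot).name)
        except UploadRejected as err:
            print(name, "-> rejected:", err)
```

Files stored this way are served back only through application code that reads them from the storage directory, so the web server never maps a URL directly onto an uploaded file.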

Use HyperText Transfer Protocol Secure (HTTPS)

HTTPS is a protocol used to provide security over the Internet. It ensures that users communicate with the right server and that nobody else can alter or intercept the content in transit.

Get Website Security Tools

You need to take time and test your website/account security. The best way to do this is to use website security tools.

There are many premium and free products to help you with this. They work the same way as scripted attacks: they test known exploits and try to compromise your site using methods such as SQL injection.

Some free tools that are worth looking at:

Netsparker – Good for testing SQL injection and XSS

Limit The Visitor Network Access

Create a separate Wi-Fi connection for guests. Give them only a restricted internet connection in your office, one that cannot reach your cloud resources or other confidential information.

Have Clear Data Disposal Policies

For instance, shred any paper with classified information. Wipe clean all the disk drives.

In addition, include a proper procedure for lost devices. Integrate these policies into your employee training, covering shared accounts as well, and have them tested regularly.

Have a Cyber Security Specialist

The sad truth is that even the most prominent companies (e.g., Google) can fall victim to hacking. The most useful thing you can do is educate yourself on recent incidents and ensure the correct precautions are in place to prevent them. In a firm, educate your employees by bringing in a cybersecurity expert to speak about the best ways to keep data secure.

Employ Intrusion Prevention and Detection

Intrusion prevention and detection systems are necessary for all systems accessible via the Internet, such as e-mail systems, active directory servers, servers that store personal, customer, or employee data, and many more.

Update Your Software

Usually, companies like Microsoft offer an update to your software because they found a weak point in the system and fixed it. Therefore, installing a patch gives you the latest and most secure version of the system. Don’t ignore the updates.

The measures listed above are some of the precautions you can take to keep your account, servers, and systems from being easy targets for hackers. Act now!
