Just a couple of days before Black Friday, Amazon suffered a significant data breach that resulted in customer names and email addresses being disclosed on its website.
It has come as a major surprise, especially to customers, even as the e-commerce giant admitted in a statement to having emailed affected customers. However, the company has declined to give more information, in particular about the affected individuals or their respective locations.
According to the firm, this was not a breach of its website or systems. It was a technical glitch that accidentally displayed customer names and email addresses on its website.
“We have fixed the issue and informed customers who may have been impacted,” Amazon declared in a press statement.
In an email informing the affected customers, Amazon wrote: “Our website inadvertently disclosed your email address or name and email address due to a technical error. The issue has been fixed. It is not a result of anything you have done, and there is no need for you to change your password or take any other action. The impacted customers have been contacted.”
The firm further added that: “Amazon takes all security-related matters very seriously, and your account security is our top priority. We have policies and security measures in place to ensure that your personal information remains secure.”
The news did customers no good, especially given its timing: many had already started feeling the chills and thrills of the approaching Black Friday, the few days with the best market deals.
According to Amazon, there should be no significant cause for concern for customers, a statement that does not convince all the experts.
Richard Walters, the chief technical officer of cybersecurity firm CensorNet, for instance, told those affected to ignore Amazon’s advice and consider changing their passwords.
We live in a society where technology develops by the second, and thousands of threats arrive along with it just as quickly. As a precautionary measure, here are further security steps you should take to protect your account from such occurrences in the future:
Monitor your passwords
Time and again, we are advised to use complex passwords; this, however, is not always the case until such misfortunes befall us. It is crucial to adopt strong password practices for your users to protect the security of your accounts.
As much as you may not like it, embracing strong password requirements, such as a minimum of around eight characters with uppercase letters and numbers included, will help to protect your account information in the long run.
Avoid unnecessary file uploads
Now and then, we upload files to websites and personal accounts without knowing how big a website security risk that can be, even if it is merely to change a profile avatar. Such files could contain a script that, when executed on the server, leaves your account completely vulnerable to hackers’ activities.
Some simple yet effective precautions include renaming the file on upload to ensure the correct file extension, or changing the file permissions.
Ultimately, the recommended solution is to deny direct access to uploaded files altogether. This way, any files uploaded to your website are stored in a folder outside of the web root or in the database as a blob.
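The upload precautions above (a server-chosen file name, an extension taken from the file's content, restrictive permissions, storage outside the web root) are shown here as an added example that is not part of the original article. The function names, the image allowlist and the temporary directory standing in for the upload folder are assumptions made for illustration.

```python
import os
import secrets
import tempfile

# Allowed avatar types keyed by leading magic bytes: trust content, not the client's filename.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}


def detect_extension(data: bytes):
    """Return the extension implied by the content, or None if the type is not allowed."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None


def store_upload(data: bytes, client_name: str, upload_dir: str) -> str:
    """Store an upload under a server-chosen name; client_name never reaches the path."""
    ext = detect_extension(data)
    if ext is None:
        raise ValueError(f"rejected {client_name!r}: not an allowed image type")
    path = os.path.join(upload_dir, secrets.token_hex(16) + ext)
    # O_EXCL refuses to overwrite; mode 0o600 gives owner-only access and no execute bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def demo() -> dict:
    """Run on constructed samples: PNG bytes with a misleading name, then a script."""
    with tempfile.TemporaryDirectory() as upload_dir:  # stands in for a folder outside the web root
        png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32  # constructed sample, not a real image
        saved = store_upload(png, "../../avatar.php", upload_dir)
        result = {"name": os.path.basename(saved), "mode": os.stat(saved).st_mode & 0o777}
        try:
            store_upload(b"<?php echo 1; ?>", "avatar.png", upload_dir)
            result["script_rejected"] = False
        except ValueError:
            result["script_rejected"] = True
    return result

if __name__ == "__main__":
    print(demo())
```

A magic-byte match does not prove the file is a well-formed image, so stored files should still be served through a handler that sets a fixed content type rather than by direct URL.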
Use HyperText Transfer Protocol Secure (HTTPS)
HTTPS is a protocol used to provide security over the Internet. It ensures that users are communicating with the right server and that nobody else can change or tap the content in transit.
Get website security tools
You need to take time to test the security of your website or account. The best way of doing this is through the use of website security tools, an approach also called penetration testing or pen testing.
We have many premium and free products to help you with this. They work in the same way as hackers’ scripts: they test all known exploits and try to compromise your site using methods such as SQL injection.
Some free tools that are worth looking at:
Netsparker – Good for testing SQL injection and XSS
Limit the visitors’ network access
Create a separate Wi-Fi connection for guests. Allow them access only to a restricted internet connection in your office that cannot reach your cloud resources or other confidential information.
Have clear data disposal policies
For instance, shred any paper with classified information before disposing of it, and wipe all disk drives clean before disposing of them.
Besides, include a proper procedure in case of a lost device. In the event of shared accounts, integrate these policies into your employee training and have them tested regularly.
Have a cybersecurity specialist
In the case of a firm, educate your employees by bringing in a cybersecurity expert to speak about the best ways to keep data secure. The sad truth is that even the most prominent companies (e.g., Google) can fall victim to hacking. The most useful thing you can do is educate yourself on recent incidents and make sure the correct precautions are in place to prevent them.
Employ Intrusion Prevention and Detection
Intrusion prevention and detection systems are necessary for all systems that are accessible via the Internet, such as e-mail systems, Active Directory servers, servers that store personal, customer or employee data, and many more.
Update your software
Usually, companies like Microsoft offer an update to your software because they found a weak point in the system and fixed it. Therefore, installing a patch provides you with the latest, secure version of the system. Don’t ignore the updates.
The measures listed above are some of the precautions you can take to keep your accounts, servers, and systems from being an easy target for hackers. Act now!