Food store website shows security liabilities

Food store website shows security liabilities

IT Security is always vital for businesses that regularly interact with customer data. Shoppers are likely to avoid sites suspected of putting their personal information at risk. According to a recent report by the BBC, supermarket chain Tesco may be embroiled in such a situation, with a third-party group claiming the store's website contains a dangerous flaw.

Database susceptible to breaches

The BBC report stated that the Tesco flaws were first reported by security professional Toby Hunt, who noted that the market keeps a plain text database of user passwords. A simple breach of the system could easily expose that unencrypted document and potentially put the entire network of user accounts at risk. The source consulted with data security expert Graham Curley, who noted that Tesco should update its procedures immediately.

"They need to do a full review of their website security and make sure they're following good industry practice," Curley told the news provider."With the number of websites they have, that isn't going to be a small task. But it is something that they'll want to address and reassure people they've got it sorted out."

Companies do not need to wait for experts or, worse, hackers to expose their security vulnerabilities. Penetration testing can tell whether a firm's internal or external defenses are insufficient by simulating a cyberattack. Developers could be neglecting serious vulnerabilities simply because they are unaware of the flaws' presence.

High-profile attacks

Large and prominent companies can still fail in their internet security efforts, and many have recently. A recent PCWorld reported detailed an attack on the Reuters news blog in which cybercriminals inserted fake news stories into the Reuters feed, representing the second attack on the news agency in the span of a few months.