Asda website leaves customer details vulnerable for 677 days
Asda, the second-largest supermarket in the UK by market share, reportedly failed to patch a vulnerability in its online grocery store that exposed customers’ personal information and payment details for nearly two years. Information security consultant Paul Moore estimates that over 19 million transactions were potentially at risk in that period.
Walmart subsidiary Asda fixed the vulnerability shortly after Mr Moore published his blog on Monday, telling the BBC: “Asda and Walmart take the security of our websites very seriously. We are aware of the issue and have implemented changes to improve the security on our website.”
Patch management
Exploiting known vulnerabilities is one of the easiest ways for cyber criminals to hack websites, so maintaining up-to-date software is paramount for all organisations that value their information security. If you continue to use unsupported or vulnerable versions, your website runs a significantly higher risk of compromise.