3 Lessons Learned from the LifeLock Bug
A lot of people (4.5 million) depend on LifeLock, a subsidiary of security giant Symantec, to help them protect their online identity. Ironically, the company recently admitted that a vulnerability on the LifeLock website (the LifeLock bug) had potentially exposed millions of customer email addresses to hackers.
This all sounds familiar. Remember the Equifax security breach fiasco? Or, more recently, a website breach at Panera Bread? In each case, unauthorized persons were able to access millions of customer records through the company website. These incidents and dozens more serve as cautionary tales for organizations and consumers alike.
In July, a security researcher attempted to unsubscribe from marketing emails sent by LifeLock. In the process, he discovered that an error on the marketing opt-out page would allow him to easily obtain email addresses for millions of LifeLock customers.
Imagine the mass phishing campaign a bad actor could launch with the email addresses of customers known to have identity theft concerns. By playing on their fears of losing protection, a phishing campaign could trick users into making payments through a fake site.
In this case, it appears that the web page that contained the bug is managed by a third party. LifeLock quickly fixed the problem, but the possible exposure of sensitive data teaches some practical and essential lessons.
Any organization that stores personal data from its customers, even information as simple as an email address, has a responsibility to keep that data secure. Websites are a particularly vulnerable target for hackers.
Consider all the personal data that customers provide through a website. They enter financial and mailing information to order products online. They list account identifiers and social security numbers. Or, they specify personal preferences and a birthdate as they sign up for a customer loyalty program.
Creating a bulletproof website is extremely challenging. But when you have customer and company data at stake, you cannot afford to take shortcuts with security. Take the time to adopt a security policy that addresses potential vulnerabilities within your website development process. In addition to coding specifications, this will include items such as the following:
The unsubscribe page that allowed access to LifeLock customer email addresses is apparently maintained not by LifeLock, but by an outside business partner. Still, at the end of the day, customers trust their data security to the company whose name displays at the top of the website.
You cannot assume that third parties that impact your site have airtight security practices in place. So, police not only your own web framework, but also the activities of your partners. In addition, regularly scan their sites to identify vulnerabilities.
While you protect personal data provided by your customers, remember to safeguard your own digital identity. Change your passwords frequently. In addition, understand and use available privacy settings. Also, avoid public Wi-Fi and online quizzes. Finally, think twice before you share sensitive personal information on social media.
Online shopping and the endless amount of data available on the internet have brought the world literally to our doorsteps. Unfortunately, all that convenience can make consumers complacent. Remember that it is much more effective to practice safe computing than to try to repair a stolen identity.
Staying on top of emerging threats and potential vulnerabilities up and down your supply chain requires significant time and resources. Hence, a trusted partner with proven experience in security management can help you secure your website and safeguard sensitive data.
The professionals at eMazzanti Technologies offer customized security solutions and award-winning website design. Since 2001, eMazzanti has delivered world class solutions that protect sensitive business data, so you can focus on your core business.