Companies Need To Implement Additional Security Precautions As Popular Websites Become Victim Of Security Breach

Companies Need To Implement Additional Security Precautions As Popular Websites Become Victim Of Security Breach

The growing numbers of security breaches continue to expose internet users around the world to unnecessary and dangerous risk. Organizations may step-up its security levels by hiring information security professionals who are fully equipped with the best technical security training certifications.

Popular UK online retailer Play.com has admitted its customer database was recently the scene of a security breach. John Perkins, CEO of Play.com, sent an email out to customers explaining that on March 20th some customers had receiving a spam email to email addresses they only use for Play.com.

"Investigations at the time showed no evidence that any of our customer email addresses had been downloaded. We would like to assure all our customers that the only information communicated to our email service provider was email addresses."

Perkins said that the issue could be related to "irregular activity" that was traced back to December 2010 at its email service provider, Silverpop. "We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps," he said.

According to Perkins, all other personal information such as credit cards, addresses and passwords are kept in the very secure Play.com environment. He added, "Play.com has one of the most stringent internal standards of e-commerce security in the industry," This is audited and tested several times a year by leading internet security companies to ensure this high level of security is maintained."

Another popular website, TripAdvisor, has also come forward with details of a recent breach. The travel website sent out an email to users explaining the hackers had only made off with email addresses after a selection of its 20 million-strong email list was stolen. The company has posted a message outlining some details of the incident, which supposedly took place "recently" and involves an undisclosed number of member email detail taken from the system. Officials are intent to stress that the company does not collect credit card details or any other financial information, but it is warning members that they may receive some "unsolicited emails" as a result of incident.

"We sincerely apologize to our affected members for this inconvenience and are implementing additional security precautions to help prevent another incident in the future. Agencies from outside the company are now said to be looking into the theft due to the seriousness of the breach, although it is unclear whether the investigation is taking place at one of its international offices or the headquarters in Massachusetts, US.

"While we're still investigating the details, we've identified the vulnerability, shut it down and are vigorously pursuing the matter with law enforcement." The bulletin to members goes on to explain how they might be able to identify any unsolicited emails in the future and how to deal with them.

How such a major incident could have taken place may well emerge in the coming weeks, but while TripAdvisor's transparency with coming forward immediately to notify members should be applauded, such openness elsewhere may also shed some light on some of the wider IT practices within the company. A technical manager wrote in forums seven months ago that TripAdvisor developers have "root access on every box", meaning that technical staff could essentially see all files, delete them and add them from a server.

There is no evidence at all at this stage whether the theft was carried out by individuals within the company or from the outside. IT professionals will have to have the right skills if they want to improve their organization's information security management and protect affected members in the event of a data breach.

The International Council of E-Commerce Consultants( EC-Council ) offers technical security training courses that are designed for effective and dynamic implementation, providing organizations worldwide efficient and superior knowledge to safeguard against cyber-crime related incidents including misuse of compromised data.

TakeDownCon, one of the conferences of EC-Council's Take Down information security conference series, is a highly technical conference that will showcase how different systems can be compromised with ease. Topics that will be discussed include how security systems are being breached, and what methods perpetrators are employing to hijack or steal your assets, and proliferate from it.

TakeDownCon will also feature a pre-event training platform offering EC-Council ethical hacking training including the world-renowned Certified Ethical Hacker (CEH) and Computer Hacking Forensic Investigator (CHFI) programs.

POST COMMENT

Hacker Claims Responsibility For Stealing SSL Certificates Belonging To Some Of The Web's Biggest Sites Website all about Weight Loss Tea Do You Have Parasites? Most effective Website Hosting Web sites - What Can make A Web site A person Of The Best? Cricket Accessories Wholesale Retail Stores And Websites Developing site to earn on-line Make Her Feel Blessed By Gifting Her The Most Exquisite Diamond Solitaire Pendants What to do once arrived at the dive site Authenticating Your Website in Yahoo! Site Explorer An Introduction To Walkways For Your Site Website all about Tava Tea Website promotion: a guide to promoting your website Save Your Money with Promotional Code