Tala Security warns about unprecedented levels of hacking expected this holiday season. The data theft would be a result of passiveness of the clients, regarding security measures.
In the State of the Web Report, the company points out the danger of the integrations that enhance website functionality. These allow attackers to target Personally Identifiable Information (PII) and payment data. Besides, 98% of the Alexa 1000 websites are lacking security measures to prevent these attacks.
At the same time, FBI and the PCI Council (Security Standards Council) warned that hackers are targeting online credit card details.
Aanand Krishnan, Founder & CEO of Tala Security, considers that merchants should be more aware of their clients’ security needs. “Online merchants and website owners must recognize the critical need for client-side security. The fundamental driver of online commerce — consumer trust — is at stake as attackers target widespread client-side vulnerabilities to steal credentials, credit card numbers, financial data and other PII.”
The most important vulnerabilities
98% of websites capture users’ data on forms. That’s how they expose data to 10 times more domains than intended by the website owner. This represents a massive opportunity for data theft from hackers.
Also, two thirds of the content that users view on their browsers is provided by 31 third-party integrations. It means that client-side connections, with no effective security controls, deliver this content.
The owner of a website creates and serves only one-third of the content that a user sees on browsers. The other two-thirds comes via client-side connections, with no effective security.
27% of website owners try to deploy security measures, but only 2% succeed in deploying effective policies capable of preventing client-side attacks.
Bit Guardian also warned about the high levels of hacking that Black Friday will bring at the end of this week. Be aware of the dangers that the happy season may bring!