Data Leaks from Online Stores

In the face of rapidly evolving e-commerce and new methods of payment all over the world, user-friendly and agile online stores are now at high risk when processing personal and payment data of their customers. This is a digest of leaks from online stores prepared by InfoWatch Analytical Center.

Last year, a wave of cybercrime was reported to hit the biggest online marketplace, Amazon. Hackers used dormant accounts to offer nonexistent goods. For example, they hacked an account of a professional makeup artist and offered Nintendo Switch on her behalf, and, ultimately, received money from hundreds of customers.

Netshoes, a Brazilian e-commerce site, suffered a leak of records of 500,000+ customers. A link posted on Pastebin hosting service led to a data dump containing customers’ names, email addresses, ordered item numbers, prices, methods of payment, etc.

Compromised purchase histories may reveal very sensitive information about customers. Thus, a major eBay privacy breach exposed items purchased by its customers, publicly on Google, including such sensitive purchases as pregnancy, drug, and HIV home testing kits.

In early February, hackers stole 35,000 logins/passwords from praho.nevyhazujto.cz, a popular online store in the Czech Republic. Prague authorities blame the cybersecurity service provider for this breach, claiming that it failed to properly protect the website.

Britain’s biggest retailers, including Debenhams, Mothercare, Marks & Spencer, Boots, House of Fraser, Amazon, and Tesсо, were recently accused of leaking their customer details obtained through special trackers on their websites that, in particular, identified customers’ IP addresses, locations, devices, and browsers, i.e. information of great value to advertisers, experts say.

l.12-.057c.834-.407 1.663-.812 2.53-1.211a42.414 42.414 0 0 1 3.345-1.374c2.478-.867 5.078-1.427 7.788-1.427 2.715 0 5.318.56 7.786 1.427z" transform="translate(-128 -243)"/>