A bug in the Asda website may have given hackers the chance to collect customers’ personal information and payment details, BBC.com has reported.
The online publication quotes security expert Paul Moore, who says that he reported the flaw to Asda back in March 2014, and that it could have put millions of transactions at risk.
In response, Asda stated: “We are aware of the issue and have implemented changes to improve the security on our website.”
“The points flagged pose a low risk to customers and our monitoring of these security issues indicate that no customer information has been compromised over that two-year period."
BBC.com explained that if a customer had the Asda website open as well as having a malware-infected website open at the same time, hackers may have been able to access the customer’s details.
The publication spoke to Professor Alan Woodward, a security expert from the University of Surrey, who agreed that Asda’s site is now secure, but advised customers to have only one tab open while shopping online just in case.
“This is an example of how companies need to look beyond the boundaries of their own website,” he added. “This is a common exploit but it can be very easily fixed. It is half a line of code that can fix it.”
© 2016 European Supermarket Magazine – your source for the latest retail news. Article by Brian Dermody. To subscribe to ESM: The European Supermarket Magazine, click here.
