Berlin. Germany’s top cyber security authority has discovered massive security gaps in the software products that online retailers use to build their web shops. The Federal Office for Information Security (BSI) identified the vulnerabilities as part of a study, the results of which were presented on Monday. A total of 78 security gaps were found, “sometimes with serious effects on the IT security level of consumer data”.
The finding is explosive. A large amount of sensitive consumer data is processed via online shops. According to the BSI, in addition to personal contact data, in many cases this also includes bank details, credit card and other payment data. That’s why online shops have long been the focus of cyber criminals, the agency said.
In view of the sobering results of the study, BSI Vice President Gerhard Schabhüser sees an urgent need for action. “In order to reduce the risk of future data leak incidents and to achieve a sustainable increase in the IT security level of online shops, software manufacturers must carry out regular vulnerability analyses – from the point of view of the BSI already during product development,” said Schabhüser. In their own interest, online retailers should pay more attention to IT security when selecting their shop software in order to protect their customers’ data as best as possible.
The demand is no accident. The cyber security situation in Germany is considered tense.
According to the findings of the BSI, this also affects the digital consumer market. In this context, attacks on online shop customer databases in particular are an “important issue”, emphasized the BSI. It is mostly about “unauthorized tapping and disclosure of sensitive consumer data – so-called data leak incidents”.
Many consumers have already been affected by data leaks when shopping online
Almost all of the products examined as part of the BSI study had an inadequate password policy. JavaScript libraries affected by known vulnerabilities were identified in seven out of ten shop software products. According to the study, in half of the products examined the BSI also identified software that had passed its official “end-of-life date” and therefore no longer received any security updates.
As a consequence, the BSI informed the affected software manufacturers about the vulnerabilities. At the same time, the authority called on manufacturers of shop software to provide updates for identified IT security gaps “immediately” and appealed to operators of online shops to install them just as promptly or, alternatively, to switch to secure products.
The BSI also asked online customers about their security on the internet. Around a quarter of all respondents stated that they had already been affected by data leaks when shopping online. Half of those surveyed were also concerned about possible data leaks.
However, online shopping is “unbrokenly attractive” for many people, according to the BSI. 91 percent of those surveyed shop online at least occasionally, and 55 say they do so frequently.