Most of us believe that by making online purchases through a secure website, with reputable companies, our credit card information is safe, right. That is not entirely true, as users of the popular website, CitySights NY recently discovered.
You see, while the site itself may be secure, the company's storage server was not, and that allowed hackers to use an SQL injection hack to access their database of customers, and steal more than 100,000 credit card numbers.
What is even more frightening is that the hack was only discovered by accident, and that it is believed that it may have been present on their system for a month or more, giving hackers' unrestricted access to consumers' credit card details all the time.
The biggest problem is that this type of attack is one of the most common out there. If a server is properly protected, it should be able to fend off this type of security breach, so the stealing of credit card information in this case was entirely preventable. Had CitySights NY spent a little more money and time securing their server, there is a good chance it would not have happened.
This kind of lax security is all too common among smaller online merchants, and it is just more proof that consumers need to be extra careful about who they buy from online. Using a third party payment processing system, like PayPal, that does not reveal account information, is another good idea for online shoppers.
It may not be the first case of this type of security breach, but the attack on CitySights NY, and the ease with which hackers insinuated themselves into their unprotected server is certainly a wake up call for online business owners. In this day and age of modern technologies, it is not an option not to protect your customers, and that means installing high tech software on your systems.
It is not yet clear what will happen to CitySights NY, but their culpability in this case is quite clear. Let us hope that all those credit card users that have been compromised by their lack of security do not lose their money.
