
Millions of e-commerce sites lack basic security — like HTTPS protection, web firewalls, and valid certificates — putting shoppers at risk, cybersecurity company CyCognito said in a report on Nov. 21.

These security gaps could expose online shoppers to cyberattacks, fraudulent transactions, identity theft, and privacy violations this holiday shopping season.

“Millions of consumers will flock to ecommerce websites in search of the best deals. Along the way, they will provide their personally identifiable information (PII) – credit cards, addresses, even passports – to carry out transactions,” the report said, warning that this data could be at risk.

Millions of Online Shopping Apps, Sites May Be Unsafe

E-commerce platforms are notorious for collecting vast amounts of user data, and they may violate your privacy in the quest to harvest it. According to CyCognito, 78 percent of e-commerce sites do not request user consent for cookies, in violation of privacy laws like the GDPR. Meanwhile, a recent study by NordVPN revealed that up to 25 percent of the permissions shopping apps request are unrelated to their function.

CyCognito said while 58 percent of all e-commerce platforms collect sensitive user data, many are plagued with critical security flaws.

Up to two percent of e-commerce platforms (about 520,000) don’t use HTTPS encryption. HTTPS (Hypertext Transfer Protocol Secure) is essential for secure browsing and is widely used across the web. The lack of secure protocols could expose shoppers to Man-in-the-Middle (MitM) attacks.

But that’s not all. Up to 24 percent of e-commerce web apps that collect personal data don’t use any web application firewall (WAF). A WAF screens the internet traffic arriving at a web application and blocks requests that carry known attacks before they reach the application.

CyCognito also found that “nearly half” of all e-commerce web apps have one or more cryptographic vulnerabilities, and up to seven percent of the web apps analyzed have at least one of the vulnerabilities in the OWASP Top Ten list. Even more disturbing, “over three quarters (76%) of the critical issues found in ecommerce web apps are also easily exploitable [by cybercriminals],” the report said.

How to Protect Your Privacy on Shopping Sites

“Online stores are not always as secure as you might think they are, and yet you need to hand over your valuable credit card information in order to buy anything,” cybersecurity firm Malwarebytes warned in a report published earlier this month.

Before you start shopping online this holiday season, we urge you to protect your accounts with strong passwords and use a trusted virtual private network (VPN) service, like NordVPN, across your devices to block online stores from tracking you and violating your privacy.

Also, use a solid antivirus solution to protect your device from malware and other threats. Check out our guide to the best antivirus software to see our top picks.

CyCognito’s report outlined some recommendations for retailers to enhance the safety of their e-commerce platforms. “Checking for low-hanging fruit, like missing WAFs or expired certificates, can serve as indicators of more serious security issues,” the report said.

CyCognito also recommends conducting regular and thorough security testing, implementing basic safeguards like firewalls, regularly checking for certificate validity, addressing cryptographic vulnerabilities, and protecting consumer data (PII).
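As an added illustration of the "low-hanging fruit" checks the report recommends (a hypothetical helper written for this article, not CyCognito's tooling), the following Python script tests whether a host serves plain HTTP without redirecting to HTTPS and whether its TLS certificate fails verification, has expired, or is about to expire. The two-week warning window and the command-line hostname are assumptions.

```python
import http.client
import socket
import ssl
import sys
from datetime import datetime, timezone
from typing import List, Optional

EXPIRY_WARN_DAYS = 14  # assumption: flag certificates expiring within two weeks


def cert_expiry_findings(not_after: str, now: datetime) -> List[str]:
    """Classify the 'notAfter' string that ssl.SSLSocket.getpeercert() returns."""
    expires_at = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    remaining = (expires_at - now).days
    if remaining < 0:
        return ["certificate expired %d day(s) ago" % -remaining]
    if remaining <= EXPIRY_WARN_DAYS:
        return ["certificate expires in %d day(s)" % remaining]
    return []


def redirect_finding(status: int, location: Optional[str]) -> List[str]:
    """Classify the response to a plain-HTTP GET of the site root."""
    if status in (301, 302, 307, 308) and location and location.lower().startswith("https://"):
        return []
    return ["plain HTTP served without redirect to HTTPS (status %d)" % status]


def check_host(host: str, timeout: float = 5.0) -> List[str]:
    findings = []
    try:  # 1. Does plain HTTP hand the visitor over to HTTPS?
        conn = http.client.HTTPConnection(host, 80, timeout=timeout)
        conn.request("GET", "/")
        resp = conn.getresponse()
        findings += redirect_finding(resp.status, resp.getheader("Location"))
        conn.close()
    except OSError as exc:
        findings.append("port 80 unreachable: %s" % exc)
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:  # 2. Does HTTPS present a valid, unexpired certificate?
        with socket.create_connection((host, 443), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
        findings += cert_expiry_findings(cert["notAfter"], datetime.now(timezone.utc))
    except ssl.SSLCertVerificationError as exc:
        findings.append("certificate failed verification: %s" % exc.verify_message)
    except OSError as exc:
        findings.append("HTTPS unreachable: %s" % exc)
    return findings


if __name__ == "__main__":
    print("\n".join(check_host(sys.argv[1]) or ["no findings"]))
```

Run it against a storefront you administer; an empty result means both checks passed, while any finding is the kind of indicator the report says points to deeper problems.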
