Monday 20 October 2014

Shoe retailer 'Office' latest company to fall victim to cyber attack

Published 29/05/2014 | 16:26

Hacker typing on a laptop
Hacker typing on a laptop

UK shoe retailer Office is the latest company to confirm it has been the victim of a cyber attack.

The London-founded retailer has emailed customers with accounts on their official website, suggesting they change their password and any similar log-in details on other sites after a breach of security.

In a statement, Office chief executive Brian McCluskey said: "I can confirm that the Office website has been the subject of a security breach. We take such a threat very seriously and have been in communication with our customers to advise them of the matter. We can confirm that no credit card, debit card, Paypal or bank details were compromised in any way. In addition we have reported the matter to the relevant authorities."

The high street chain is the latest in a string of businesses to suffer breaches in their online security. Last week eBay announced that a breach in their security had given hackers access to more than 100 million users, but like Office, confirmed that no financial data had been compromised.

Music streaming service Spotify announced it would be pushing out an update of the Android version of their app after a single user account was deemed to have been compromised.

"The protection of customer data is of the utmost importance to us and we are treating this extremely seriously. Our customers remain our number one priority and we are taking all necessary measures to ensure that our website remains secure," said Mr McCluskey.

Internet auction site eBay was criticised for a delayed response to their own cyber breach, with emails to users warning them to change their passwords taking more than a week to be sent out.

Security experts believe that the recent spate of breaches are a domino effect, based around web users employing the same passwords across multiple accounts.

TK Keanini, chief technology officer at cyber security analyst Lancope, said: "It seems that we have these announcements on a daily basis these days and, ultimately, consumers are suffering from re-authentication fatigue.

"Not only should they change the login/password on the Office account but if this login/password pair were used elsewhere they should change those in good measure because the attackers will add it to their automated scanning and try and compromise the other accounts where this is used."

Mr Keanini says that this latest attack proves that web security should be improved, despite fears over overcomplicating things for users.

"Asking users to change their password as often as online retailers have asked in the past 12 months is not sustainable. A move to two-factor authentication is required," he said.

Two-factor authentication refers to the system of users having to input two different pieces of data in order to identify themselves and log in. Examples include having to input a password as well as answer a security question.

"The hesitation has been that retailers don't want to make the login process more complicated but I would argue that asking consumers to change their passwords every time breaches occur is not only more of a hassle but downright dangerous because not all users will change unless forced to perform this action on the subsequent session."

Read More

Editors Choice

Also in Business