Security Improvements for Our Ecommerce Customers
We were recently informed by Kulkan Security of a design flaw in our third-party ecommerce fulfillment system, cleverbridge, that could have potentially allowed customers to accidentally disclose their purchasing information (i.e., last 4 digits of credit card used, credit card expiration date, business contact information, product purchased and taxpayer ID, if provided) by sharing a private URL.
Kulkan Security also identified an instance where cleverbridge sent a token for a subset of its transactions that included private URLs to their monitoring and marketing analytics platforms. Cleverbridge has purged all of the tokens.
In response and out of an abundance of caution, we’ve worked with cleverbridge to implement additional controls to the ecommerce system to further reduce the risk of a customer accidentally sharing this information.
We would like to thank the consulting team at Kulkan Security and cleverbridge for their quick actions and collaboration.
Cybersecurity News You Can Use
Enter your email and never miss timely alerts and security guidance from the experts at Tenable.