Of late, CyberNews has carried out an investigation to check whether the popular online shopping platforms take their encryption hygiene seriously or not as these platforms handle sensitive customer information like authentication credentials, credit card numbers, banking data, and other payment details. Amid this pandemic situation, it is highly essential for these platforms to ensure adequate security and encryption standards as a huge number of people rely on online shopping.
The investigation team of CyberNews analyzed the web servers of 2,620 popular online shopping domains for SSL configuration security, as well as their susceptibility to known vulnerabilities related to the Secure Sockets Layer (SSL) encryption protocol. On investigation, they found that even though the absolute majority of online shops follow excellent SSL configuration practices in general, almost a third of the web servers we analyzed are susceptible to known SSL vulnerabilities, with the BEAST vulnerability being the most widespread among online shops.
BEAST (short for Browser Exploit Against SSL/TLS) is an attack that allows a threat actor to access the data exchanged between a web server and the user’s web browser. For online shoppers, this would include sensitive information like authentication tokens, payment information, and more.