IKEA email spam exposed

Global furniture company Ikea recently admitted to a vital flaw in their email system that allowed anyone to create a spam service, sending millions of spam mail from the international mail service based in Sweden.

The security gap operated for an unknown period of time. This allowed phishers and hackers to fully exploit the security hole by using Ikea’s reputation as a global firm operating over 36 countries to obtain highly personal details, including credit card numbers.

In a similar vein it allowed them to upload drive-by pages that then allowed Trojan horses and other vulnerabilities access to the victim’s computer.

The gap was created by an inadequately secured template on the company’s homepage that allowed for anybody to insert alternative email addresses in a contact form on the homepage over a number of companies.

Chief analyst at Danish security company Csis, Peter Kruse has said that a security bug in a global company the size of Ikea shows carelessness that can be fixed within ten minutes by a relatively qualified Web programmer.

Ikea CIO, Marianne Barner, has claimed that the most important thing is that the security gap has been recognised and closed, stopping the problem.

Story link: IKEA email spam exposed