The German cybersecurity agency, the Federal Office for Information Security (BSI), has found that online shopping cart software used by e-commerce sites contains numerous vulnerabilities.
The BSI examined ten third-party web shop systems, including Magento, Zen Cart, and PrestaShop, discovering that all ten shared the low-level vulnerability of potentially transmitting sensitive information from form fields to third parties through the use of autocomplete.
Nine out of the ten systems did not require users to use strong passwords, which the BSI classified as medium risk. Additionally, the software used by some platforms had passed its end-of-life date, meaning new bugs no longer receive official patches.
The BSI became concerned about the large amount of sensitive consumer data processed by online shops, and its study found that one-quarter of respondents reported “negative experiences with regard to data security” while shopping online.
Germany has one of the largest e-commerce markets in Europe, with 90% of individuals with internet access at least occasionally shopping online, typically from a smartphone.
During 2021, the German e-commerce market was worth $127.5 billion, a figure that has only increased since Germans used online shopping even more during the Covid-19 pandemic.
Gerhard Schabhüser, the temporary head of the BSI, used the study results to urge e-commerce platforms to improve their security. He said, “Software manufacturers must carry out regular vulnerability analysis during the product development phase itself.”
Given that the BSI assesses that Germany’s cyberspace is experiencing mounting levels of cybercrime, e-commerce sites must protect their customers’ data by regularly checking for vulnerabilities and implementing security measures.