If you are one of those parents constantly visiting the website of Kiddicare and buying items for children, some of your personal data might now be in the hands of hackers.
This after the British retailer has informed its users via email that hackers who infiltrated the company’s database have stolen their names, delivery addresses, telephone numbers and email addresses. Fortunately, at least, Kiddicare assured the affected users that none of their payment details has been exposed to hackers, as it says the website does not contain sensitive information such as credit card data.
Kiddicare customers initially received text messages from people who claimed that they came from an affiliate website of Kiddicare. Then they began to invite those customers to go through an online survey, which was the first indication that something was amiss with the retailer, though they could not tell exactly what it was.
Most cyber crooks resort to online polls to perform their fraud, luring Internet users into their scam with cash prizes as the bait in exchange for signing up for online services that ask for hefty amounts of fees. When Kiddicare began to look for indication of a major website data breach, the company found no supporting evidence. They only learned of the data breach when an unidentified security company alerted Kiddicare to the situation, highlighting a poor security measure at the retailer for not finding the loophole itself.
It was found that the data stolen were used to run a test site in November last year. The dataset, it later turned out, actually contained real customer data and that Kiddiecare did not implement the necessary measures and practices to protect those sensitive pieces of information. It would have been perfectly fine if the company used actual customer data for testing purposes, provided that the test environment was secured and difficult for hackers to infiltrate. Since it was a test, it was natural to expect that things could go awry in the later stage of the process.
The Kiddiecare data breach is another indication of how reckless websites can get when it comes to handling a treasure trove of data comprising sensitive information of their users, whether those are stored in actual production servers or in a test database. The safest way to run a site test is to create random data for test purposes alone. Kiddicare was quick to delete the test site, but damage has been done. The best thing to do as of the moment is to change your password elsewhere on the Web if you used your Kiddiecare password in multiple accounts.