Security company Wandera has exposed 16 companies that have frequently failed to encrypt transaction data on their sites and apps.
The sites range from airlines to the San Diego Zoo, and the information left vulnerable includes credit card numbers, birthdates, and even passport information. This is by no means an exhaustive list; while Wandera serves clients as big as Bloomberg and even NATO, they barely cover 2% of daily mobile traffic.
For the most part, the mistake is deceptively simple. Sites simply aren’t using the encrypted HTTPS, versus the more common HTTP for their site and app protocols. It’s a measure required by the PCI Security Standards Council, and a fundamental part of securing customer data.
Wandera wasn’t even looking for the vulnerabilities, but tried to alert the companies in question when the issue showed up in their reports. In most cases, the security company was unable to even reach someone to warn them of the serious breach of customer safety. Wandera allowed multiple days before issuing the press release regarding the vulnerabilities, but most of the concerned parties had made no move to rectify the situation.
As reported by Fast Company, here is a list of the companies that were identified for leaving information unsecured:
Dash Card services/parking
easyJet (recently fixed)
San Diego Zoo
Tribeca Med Spa
Follow Nate Church @Get2Church on Twitter for the latest news in gaming and technology, and snarky opinions on both.