Well, this is a little embarrassing.
You know those seals that some ecommerce websites display to reassure users that they can be trusted? Badges that tell you you can go ahead and enter your credit card details and personal information with confidence that you’re on a website you can rely upon?
This kind of thing…
Well, as Bleeping Computer reports, the script used by one such company to display its trust seal on customers’ websites got hacked.
The supply-chain security breach, discovered by researcher Willem de Groot, saw Best of the Web’s trust seal compromised by two different keystroke loggers.
In other words, the very thing that websites were using to reassure you that they were secure… was insecure, and putting your personal data at risk.
Best of the Web confirmed on Twitter that its code had been compromised:
“Earlier today, we were notified that the script we use to display trust seals that we host on Amazon’s content delivery network (CDN) was compromised. We took immediate action to remedy the situation and are in the process of informing those who were affected. We will be conducting a full security audit of our hosted accounts to ensure that this does not happen again.”
Trust takes years to build, but only seconds to destroy.
By the way, if you’re considering whether your website needs one of these trust seals or not, here’s a comment from security expert Thomas Reed:
“Those seals mean nothing anyway. I’ve seen them on many adware or PUP sites. An image is a terrible way to indicate safety, since it can simply be copied and reused without permission on an unsafe site. I wish they would all simply go away, and quit giving people false security.”
— Thomas Reed (@thomasareed) May 16, 2019