Learning from others’ mistakes: Love Bonito Case

Short story:
Home-grown fashion label Love, Bonito has been fined $24,000 over¬†a 2019 data breach which saw personal information of more than 5,500 customers compromised. The root cause: The administrator account of a software used by Love, Bonito¬† was compromised. It was used to manage its e-commerce website. An unknown third party accessed and obtained customers’ personal data via this gap.

Countermeasure: Try to apply Access control list to sensitive parts of your webapp. So that even if the admin account was compromised, it could not log in from just anywhere. It had to be accessed from within specific locations. Also enable multi factor authentication.

Source: https://www.straitstimes.com/tech/tech-news/love-bonito-fined-24000-over-data-breach-involving-over-5500-customers