Website security - The AA

The AA have recently released a statement regarding their potential data leak:

We can confirm that the AA was informed of a potential vulnerability involving some AA Shop data on 22nd April 2017.

They added that the issue was fixed on 25th April 2017.

Although the issue was resolved quickly, it still means that some private data has been leaked.

The data obtained by Motherboard contains 117,000 unique email addresses, along with names, addresses, IP addresses and payment information. It also includes some hashed passwords, but thankfully no passwords are stored in plain text.

The AA state that the data was "only accessed several times".

Below are a few tips for keeping your website and server secure:

  • Use a strong username and password. Randomly generate the password to ensure its strength.
  • Check that your website stores hashed passwords, and uses a random salt.
  • Think about encrypting data in the database. This can be costly for the database, but might protect you in the long run.
  • Install a firewall to protect key server ports.
  • Install the latest security patches for servers, firewalls, frameworks and plugins.
  • Use a service called fail2ban to protect against malicious SSH attacks.
  • Pay for a penetration test (pen test) against your server and website to check for vulnerabilities.
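
To illustrate the tip about hashed passwords and random salts, here is an added example (not code from the AA or from this site) that stores passwords with a per-password salt and includes a simple audit check for repeated hashes. The record format, the function names and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 600_000  # PBKDF2 work factor chosen for this example; tune for your hardware

def hash_password(password: str) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' with a fresh random salt."""
    salt = os.urandom(16)  # new 16-byte salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        rounds = int(iterations)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(digest, expected)

def shared_hashes(stored_values):
    """Audit check: stored values that appear on more than one account.

    With a random salt per password this is empty even when users pick the
    same password; repeats suggest unsalted (or fixed-salt) hashes.
    """
    counts = Counter(stored_values)
    return sorted(value for value, n in counts.items() if n > 1)

def unsalted_sha256(password: str) -> str:
    """Weak form shown only for contrast: fast hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()

if __name__ == "__main__":
    # Constructed sample: three accounts, two of which share a password.
    passwords = ["Tr0ub4dor&3", "Tr0ub4dor&3", "correct horse battery staple"]
    print("unsalted repeats:", len(shared_hashes([unsalted_sha256(p) for p in passwords])))
    print("salted repeats:  ", len(shared_hashes([hash_password(p) for p in passwords])))
```

Running `shared_hashes` over the password column of your own user table is a quick way to spot unsalted storage: any repeated value means two accounts hash to the same output.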
