Information Security News mailing list archives
How Shopify Avoided a Data Breach, Thanks to a Bug Bounty
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 19 Dec 2018 06:19:18 +0000 (UTC)
http://www.eweek.com/security/how-shopify-avoided-a-data-breach-thanks-to-a-bug-bounty
By Sean Michael Kerner
eWEEK.com
December 17, 2018
Breaches occur on an all-too-frequent basis, but what is often never reported are the breaches that don't happen, thanks to organizations taking rapid, proactive measures. One such incident was outlined by Shopify at KubeCon + CloudNativeCon NA 2018 last week.
Thanks to a bug bounty program and the support of its vendor partner Google, Shopify was able to avoid a potentially disastrous flaw that could have enabled an attacker to take over Shopify's Kubernetes cluster. Shopify provides an e-commerce platform that allows vendors to sell goods and services. The platform is hosted on the Google Kubernetes Engine (GKE), which provides a hosted version of the open-source Kubernetes container orchestration platform.
"If you're not familiar with Shopify, we've got about 600,000 businesses, so there's a good chance that you've purchased something from us without even realizing it," Shane Lawrence, security infrastructure engineer at Shopify, said. "We processed about $26 billion last year, and during peak hours we get approximately 80,000 requests per second."
Shopify runs entirely on GKE, said Lawrence; the reason his company chose Kubernetes is to be able to rapidly respond to scaling demands like the recent Black Friday and Cyber Monday shopping events.
[...]