PracticePeople In PracticeAccounting website’s security breached

Accounting website's security breached

A startup US accounting website has tightened its security measures after a bug expert uncovered several vulnerabilities which could leave customer details exposed.

Bug hunter Jeffrey Baker said the website of Intacct.com, which provides web-hosted accounting services to medium-sized organisations, could be compromised by a malicious intruder who could build a database of customer details.

Baker took the rare step of singling out Intacct on the Bugtraq-moderated industry mailing list last weekend for failing to live up to claims over its security. He said he felt compelled to post the advisory because Intacct failed to respond to his initial emails.

In his posting Baker claimed the site contained three vulnerabilities, covering user sign-on procedures, cross-site scripting and problems with customer log-in cookies.

Attackers could log in, view and modify victims’ accounts, budgets and other data, change passwords and deny service by modifying Intacct billing information. No action is required on the part of the victim for these attacks to succeed, Baker reported.

Officials from Intacct have since acknowledged the vulnerabilities and said the company has its tightened security measures in response to the posting.

Intacct website

Related Articles

Is inefficiency stealing your time and money?

Accounting Firms Is inefficiency stealing your time and money?

6m Emma Smith, Managing Editor
CIMA elects new president

Institutes CIMA elects new president

6m Emma Smith, Managing Editor
Transparent currency trade: How to achieve costs visibility

Governance Transparent currency trade: How to achieve costs visibility

6m Emma Smith, Managing Editor
Introduction to KPMG UK’s new leadership team

Accounting Firms Introduction to KPMG UK’s new leadership team

6m Emma Smith, Managing Editor
EY appoints head of UK Infrastructure Asset Intelligence practice

Accounting Firms EY appoints head of UK Infrastructure Asset Intelligence practice

8m Emma Smith, Managing Editor
FRP Advisory expands operation with new office, partner appointments

Accounting Firms FRP Advisory expands operation with new office, partner appointments

10m Emma Smith, Managing Editor
Magma Group announces merger, partner promotions

Accounting Firms Magma Group announces merger, partner promotions

10m Emma Smith, Managing Editor
MHA MacIntyre Hudson advises on management buy-out

Accounting Firms MHA MacIntyre Hudson advises on management buy-out

10m Emma Smith, Managing Editor