Every minute in the U.S., 19 people fall victim to identity theft, according to credit bureau TransUnion.
Consumers can unintentionally leak a deluge of personal information as they shop online and surf the web. That's because websites can house coding flaws and other vulnerabilities that attract malicious hackers, who are prowling the Internet for consumers' personal information.
"Out of all the websites we've scanned, 75 percent of them have a vulnerability on the first scan," said Ainsley Braun, co-founder and CEO at Tinfoil Security, which specializes in website security.
Even large, well-known companies' websites can be vulnerable.
Braun said scans for potential vulnerability found 30 percent of Fortune 1000 companies have website flaws. Vulnerabilities also were discovered among some of the most visited websites, as tracked by the Alexa Rank of the top 500 sites.
Customer data loss, in fact, is a growing concern. A survey of information security professionals by cybersecurity company Trustwave found 58 percent of IT professionals worry about customer data theft. That concern eclipsed IT professionals' worries about international property theft, damage to reputation, and fines and legal action, according to the survey.
Here are some of the most dangerous kinds of attacks on websites, according to Braun and Michael Borohovski, co-founder and chief technology officer at Tinfoil.
Every time you log into a website, your computer receives a small piece of data called a cookie—information about your user session so you do not need to log in again when you visit a new page. If the website does not secure that cookie, your data is vulnerable.
The Open Web Application Security Project (OWASP)—a nonprofit focused on improving software security—also cited cookies as a potential threat. A hacker can gain access to a cookie on an unsecured wireless network and hijack a user's website session, potentially gaining access to private data, according to the group's 2013 report.