Company
Date Published
Author
Bugcrowd
Word count
836
Language
English
Hacker News points
None

Summary

With the holiday shopping season in full swing, the retail and eCommerce industries are embracing crowdsourced security models: 9% of programs launched in 2018 were from eCommerce and retail companies, three times more than the year before. These companies are adopting crowdsourced security to stay ahead of growing consumer awareness and the stringent regulations that have followed rising breaches. The top three vulnerabilities found in retail and eCommerce programs in 2018 were Server Security Misconfiguration, Broken Authentication and Session Management, and Sensitive Data Exposure (sensitive data or password disclosure). Server Security Misconfigurations, such as using default credentials, are common and dangerous, while Broken Authentication and Session Management can lead to full account takeover. Sensitive Data Exposure can result from a lack of encryption, weak keys, or weak password hashing techniques. To stay secure, consumers can take steps such as enabling two-factor authentication, minimizing password reuse, and using password managers like 1Password, LastPass, and Keeper Security.