O/T Warning! Hacker steals 300,000 credit card numbersgreenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread |
[Fair use for educational purposes.] From CNN.com:"Report: Blackmailer reveals stolen Internet credit card data January 10, 2000 Web posted at: 11:21 AM EST (1621 GMT)
"NEW YORK (AP) -- A computer hacker who claimed to have stolen 300,000 customer credit card numbers from an Internet music store posted thousands of the numbers on a Web site after his attempt to extort money from the company failed, The New York Times reported today."
"The company, CD Universe, refused to pay the hacker's demand of $100,000. The unknown extortionist claimed in e-mails to the Times that he used some of the credit card numbers to obtain money for himself."
"The hacker, believed to be based in Eastern Europe, for two weeks used a Web site to distribute up to 25,000 of the stolen numbers, said Elias Levy of SecurityFocus.com, a computer security firm. The site was shut down Sunday morning."
"CD Universe and its parent, eUniverse, were working with the FBI to track the hacker."
"He definitely has CD Universe data," said eUniverse chairman Brad Greenspan. "Whether he hacked the site or got the data in some other way, I'm not sure exactly."
"The company was notifying customers of the theft and was working with the credit card companies to help holders of stolen card numbers."
"The hacker, identifying himself as Maxim in an e-mail to the Times, said he exploited a security flaw in the software used to protect financial information at CD Universe's Web site. He said he sent a fax to the company last month offering to destroy his credit card files in exchange for $100,000. When he was rebuffed, he said, he began posting the numbers on another Web site, called Maxus Credit Card Pipeline, on Christmas Day."
"The hacker e-mailed the Times the numbers for 198 credit cards as proof of the theft. The numbers were real, said the Times, which contacted the credit card owners. At least one owner confirmed she had been a CD Universe customer."
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Back in '93 there was a federal law where the credit card holder was only liable for the first $50 (total) of any fraudulent charges placed on their card - I hope that is still the case for these poor people.
-- Deb M. (vmcclell@columbus.rr.com), January 10, 2000
That law by the way applies only to credit cards, NOT DEBIT CARDS. If you own a debit card you are IMHO a fool. Any guarentees on debit cards are strickly the banks policy which in many cases could be changed at any time.
-- Squid (ItsDark@down.here), January 10, 2000.
... posted thousands of the numbers on a Web site after his attempt to extort money from the company failed...Link Please! $(.)(.)$
-- Slobby Don (slobbydon@hotmail.com), January 10, 2000.
And that is merely the tip of the iceberg. I can't provide a link but I know CNN reported last year (May/June) time frame that there was an ongoing criminal enterprise which consisted of a large number of 'crackers' who break into networks and collect password information to further compromise other networks and credit card information to feather the organizations pockets.In addition I have seen this activity first hand in my security work. It is really happening. I am not sure of the scale but it appears to be common enough to be a serious problem.
I have posted this before but...
If you purchase items on line using your credit card, you are USUALLY in safe because your browser will use a secure means of communicating your private information. If you EVER receive a receipt with containing that sort of information via email. You should immediatly start watching the billing on that number. You should immediatly contact the company which sent the receipt and explain to them that email is a completely non-secure means of communication and should never be used for that purpose. You should inform that company that you will no longer make purchases from their site until their receipt forwarding policy is changed to ensure your privacy.
Soap Box: This is where we stand, we are moving financial matters onto the web faster than the people using the medium are able to grasp the security issues of the medium. This has the potential to cause even more serious problems down the road. The most important thing we can do in this area is beat the idea of a need for better network security into the heads of our legislators and programmers.
Soap Box OFF
-- Michael Erskine (Osiris@urbanna.net), January 10, 2000.
Article's URL:http://www.cnn.com/2000/TECH/computing/01/10/credit.card.crack.ap/inde x.html
-- Deb M. (vmcclell@columbus.rr.com), January 10, 2000.
This links to full text of ap reporthttp://ap.tbo.com/ap/breaking/MGIYVACAA3C.html
-- Carl Jenkins (somewherepress@aol.com), January 10, 2000.