Stolen Credit Data Put Onlinegreenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread
December 13, 2000 Stolen Credit Data Put Online
A computer intruder scooped 55,000 credit card numbers this week from Creditcards.com, a company that serves dozens of small and medium-sized merchants, and published the information on the Internet after unsuccessfully demanding payment to keep the data secret.
A spokesman for the company, Laurent Jean, said yesterday, "We are aware of the issues and understand their severity, and also are in contact with the F.B.I." The bureau confirmed that it was investigating the incident, which was reported yesterday by Cnet.com.
A person close to the investigation said the intruder contacted the company after breaking into the site on Monday, and published the data on the Internet after a demand for money was rebuffed.
According to the company's Web site, Creditcards.com clients include the online fitness site Premier Solutions, Rock the Vote, Christian Concert Authority and Spy Gate. "We make your business go Ka-Chingg," its Web site promises, referring to its main electronic commerce product.
The Creditcards.com case is one of several recent attempts to extort money from Web sites by threatening to reveal their most sensitive information.
An online security expert said such attacks could largely be avoided if companies kept sensitive data on computers separate from those running their Web sites. "Your credit card is only as secure as the Web site it's going on," said the expert, B. K. DeLong of Attrition.org, a nonprofit computer security site.
-- Martin Thompson (email@example.com), December 13, 2000
Thursday, December 14, 2000
Hacker infiltrates Web company
By PAUL CHAVEZ-- The Associated Press
LOS ANGELES (AP) -- The FBI is looking for a hacker who put thousands of stolen credit-card numbers on the Internet after a $100,000 extortion demand was ignored.
More than 55,000 numbers were stolen from creditcards.com, which processes credit transactions for online companies. About 25,000 of them were posted online when the extortion payment was not made, creditcards.com spokesman Laurent Jean said.
The site containing the numbers has since been taken down by the FBI, said agency spokesman Matthew McLaughlin. No arrests have been made.
Whether the numbers had been used to make illegal charges wasn't immediately known, he said. The FBI asked merchants to contact the agency if they fear their database was compromised.
The hacker, who appeared to be from Russia, contacted creditcards.com about three months ago, the company said in an e-mail sent to its merchants Monday. Creditcards.com said it immediately contacted the FBI and adopted a policy of refusing to cooperate with hackers or meet extortion demands.
The company said it also hired security consultants to help improve its ability to protect data.
One of the company's merchants, ihateshopping.net in Tacoma, Wash., said the hacker contacted it earlier this week and provided all of the stolen credit card numbers.
The online shopping service used that information to create a page where potential victims can enter their name and address to determine if their credit card was compromised, said Harry Widdifield, owner of the site.
"We think it's the most judicious use of the information that was given to us by the hackers possible," Widdifield said.
An executive with Urban Golf Gear, another creditcards.com merchant, said none of the people on its customer list reported illegal card charges.
The Oakland-based company's chief executive officer, Craig Tanner, said he first learned of the security breach Monday when the hacker contacted him by e-mail.
"I put my trust in creditcards.com to have a secure system," said Tanner, whose company sells hip golf clothing. "Nobody told me these credit cards were stolen."
The incident is the latest in a string of attacks against companies that deal with credit card information.
Last year, a hacker stole about 300,000 credit card numbers from online music retailer CD Universe and posted about 25,000 of them on the Internet when a demand for $100,000 was not met. The hacker remains at large.
Hackers stole thousands of credit card numbers from SalesGate.com of Buffalo, N.Y., earlier this year.
RealNames, an Internet search service with as many as 20,000 card numbers on file, learned of a hacker infiltration in February.
Western Union shut its Web site for five days in September after hackers stole the card numbers of more than 15,000 customers.
-- Rachel Gibson (firstname.lastname@example.org), December 14, 2000.