UPDATED WITH INFORMATION ON ATTACKER’S MESSAGE AND DATABASE FILE
UPDATED AT APRIL 8, 4:00 P.M. TO INCLUDE INFORMATION FROM INET INTERACTIVE STATEMENT
Internet media company iNet Interactive (www.inetinteractive.com) posted an update to the circumstances surrounding the attack suffered by the Web Hosting Talk message board March 21, saying that some user credit card data was compromised in the attack and has been posted publicly by the attacker.
As of Tuesday afternoon, the domain for Web Hosting Talk was redirecting to the iNet Status site (www.inetstatus.net), which said the site was currently offline, and offered a link to the note, which says the site is down while operators conduct a “full security sweep” of the cluster to make sure the servers are secure.
The site will reportedly return once the sweep is completed.
While previous notices from iNet, posted on WHT, had said no credit card or PayPal information had been compromised, a notice on the site from 1:25 p.m. April 7, says, “this morning, the hacker who attacked WHT initiated further communication. He provided evidence that credit card information on one of our database servers was, in fact, compromised during that attack.”
According to the notice, credit card information from the company’s self-service billing system used for sticky posts, as well as display or banner advertising prior to December 2007, as well as premium user accounts from prior to 2006 has been publicly posted.
Newer advertiser and premium user information, says iNet, was gathered using a newer billing system that does not store credit card information.
“It should be noted that card holders will not be held liable for any fraudulent purchase made using their credit card,” says an update from 4:24 p.m.
iNet says it has contacted all major credit card companies, and is awaiting their guidance. According to the notice, the company will be contacting users whose credit card data it suspects has been leaked.
If you suspect your billing information falls within the range of compromised information, it’s probably a good idea to let your credit card company know while you’re waiting to hear from iNet.
UPDATE:
The public posting of the credit card data may have included a post on WHT itself and one on the Digital Point webmaster forums, according to sources who claim to have seen the posts, and they may have included a link to the database file containing the credit card information.
According to the convoluted and expletive-laden text of the message forwarded to the WHIR (apparently the message posted by the attacker), the hacker’s motivation seems to have been highlighting certain insecurities in Web Hosting Talk’s infrastructure. It also pretty clearly suggests a personal vendetta.
The source, which wished to remain anonymous, also said it had downloaded and looked through the database files, and raised some concerns about the manner in which the credit card information was being stored.
According to the source, the file allegedly includes stored CVV/CVC information, which could be a violation of PCI standards imposed by credit card companies (the standards can be downloaded from the PCI council website). The source also said it appeared as though some credit card information had been labeled “removed” but not actually removed from the database.
A message thread on message board webhostingboard.net says thousands of credit card numbers were included in the file. Some posters say they know of users whose cards have already seen fraudulent charges.
We’ve contacted iNet seeking more information, and will update the story as soon as we hear back from them.
UPDATE (APRIL 8, 4:00 P.M.):
iNet Interactive responded to our questions by linking to a thread on WHT discussing the further breach, and to a statement from the company, also posted in WHT.
“We regret the impact this situation continues to have on the WHT community,” begins the announcement.
The notice says that at 6:15 a.m. on Tuesday, the hacker “communicated that he also had stolen credit card data.” The company says it had initially reported that no credit card data was compromised because “some of our older systems do store credit card data, and that data sits on a database server separate from the WHT databases and under a separate layer of security. At the time of the March 21st attack, we could find no evidence that the database server containing credit card data was compromised.”
The notice says the company’s current research shows the breach encompassed 318 valid credit card numbers with CCV code and about 1,900 expired credit card numbers with CCV code.
“The breach occurred on a system containing 9,561 credit card numbers,” says the notice. “We are still assessing how many of the 9,561 potentially exposed credit card numbers are valid. All confirmed and potential data breaches will be reported to the credit card holder.”
Some posters in the updated thread have pointed out that, based on the content of the hacker’s post, and the information in the database file, the credit card information seems to have been downloaded in a further attack, which might have taken place after March 25.
Posting on behalf of iNet, WHT user SoftwareRevue has addressed some questions posted in the discussion thread. He has said that iNet is working with an outside security firm currently, and that the company is moving to a third-party credit card processing system that will not store any data. He has referred to the storing of CCV/CVV data as a “mistake,” but has not addressed whether the company expects to see any retribution from credit card companies for violating PCI security standards.
About Liam Eagle
Liam Eagle has worked as a contributor to the Web Host Industry Review since its inception in 2000, and as editor since 2003. He has been editor of the WHIR's print magazine since its launch. His daily involvement in the gathering and reporting of Web hosting news and his regular interaction with Web hosting leaders gives him an uncommonly broad appreciation of the issues and tends facing the business. Through his WHIR blog, Liam spots Web hosting trends and offers opinions on the industry-wide impacts of major developments and the motivation behind big announcements. Follow him on Twitter @liameagle
No related posts.
