Credit Card Data Stolen and Distributed in a Dilebarate Attack

In an ongoing saga, one of the most popular web hosting message boards, www.webhostingtalk.com , has been dealt another serious blow to its security. Late last month, Webhostingtalk was hacked in a deliberate, sophisticated, and calculated manner. The attacker was able to circumvent their security measures and access via a backdoor protected by a firewall to delete all backups and main databases.

In an update shortly after Webhostingtalk came back online, Dennis Johnson, an iNET Community Coordinator, sent out a detailed post explaining all that was then known about the breech with a firm statement that “Absolutely no credit card or PayPal data was exposed.”

Today Inet Interactive, the owners of Webhosting talk, released the news no one wanted to hear.

ANNOUNCEMENT – 1:25pm est 04/07/09

This morning, the hacker who attacked WHT initiated further communication. He provided evidence that credit card information on one of our database servers was, in fact, compromised during that attack.

While it is surprising that a hacker who has done that much damage would contact the victim, especially with this level of damage but there were apparent motives. What is currently being done is even more shocking. A post at Web Host Industry Review mentions the hacker may have been motivated after the hack to release the cardholder data to the web because they “had downloaded and looked through the database files, and raised some concerns about how the credit card information was being stored.’ and that the file allegedly includes stored CVV/CVC information.

I don’t believe mentioning PCI compliance here will be necessary, but it is quite obvious that, based on the details so far, the data was not stored in a PCI-compliant manner.

What do you think?

Leave a Reply

Related articles

Managed Web Application Firewall

Understanding Web Security with a Managed Web Application Firewall

A managed web application firewall is essential for protecting websites from hacker attacks. Managed firewalls, run by security experts, constantly update to safeguard against new threats, offering benefits such as 24/7 monitoring, immediate threat detection, and free automatic updates. Cloud-based firewalls act as a security checkpoint, while installed firewalls provide customized protection. Various common web attacks are defended, and combining two types of firewalls ensures robust security. Factors to consider in choosing a firewall include traffic volume, application mix, budgets, compliance needs, and growth goals. Implementing strong passwords, backups, software updates, user management, and incident investigation enhances overall website security. Partnering with experienced providers ensures comprehensive protection.

Read more
Contact us

Partner with Us for Comprehensive IT

We’re happy to answer any questions you may have and help you determine which of our services best fit your needs.

Your benefits:
What happens next?
1

We Schedule a call at your convenience 

2

We do a discovery and consulting meting 

3

We prepare a proposal 

Schedule a Free Consultation