Credit Card Data Stolen and Distributed in a Dilebarate Attack

In an ongoing saga, one of the most popular web hosting message boards, www.webhostingtalk.com , has been dealt another serious blow to its security. Late last month, Webhostingtalk was hacked in a deliberate, sophisticated, and calculated manner. The attacker was able to circumvent their security measures and access via a backdoor protected by a firewall to delete all backups and main databases.

In an update shortly after Webhostingtalk came back online, Dennis Johnson, an iNET Community Coordinator, sent out a detailed post explaining all that was then known about the breech with a firm statement that “Absolutely no credit card or PayPal data was exposed.”

Today Inet Interactive, the owners of Webhosting talk, released the news no one wanted to hear.

ANNOUNCEMENT – 1:25pm est 04/07/09

This morning, the hacker who attacked WHT initiated further communication. He provided evidence that credit card information on one of our database servers was, in fact, compromised during that attack.

While it is surprising that a hacker who has done that much damage would contact the victim, especially with this level of damage but there were apparent motives. What is currently being done is even more shocking. A post at Web Host Industry Review mentions the hacker may have been motivated after the hack to release the cardholder data to the web because they “had downloaded and looked through the database files, and raised some concerns about how the credit card information was being stored.’ and that the file allegedly includes stored CVV/CVC information.

I don’t believe mentioning PCI compliance here will be necessary, but it is quite obvious that, based on the details so far, the data was not stored in a PCI-compliant manner.

What do you think?

Leave a Reply

Related articles

Two business people sitting at a desk in an office.

Integris Health Patients Face Shocking Extortion Emails Following Devastating Cyberattack

Integris Health, an Oklahoma-based healthcare provider, is notifying patients they may receive extortion emails after suffering a cyberattack. The attack targeted the systems of NoMoreClipboard, an online patient portal, affecting 102,000 patients. Cybercriminals are demanding $2,000 in Bitcoin for the return of patient data, including medical records and contact information.

Read more
Contact us

Partner with Us for Comprehensive IT

We’re happy to answer any questions you may have and help you determine which of our services best fit your needs.

Your benefits:
What happens next?
1

We Schedule a call at your convenience 

2

We do a discovery and consulting meting 

3

We prepare a proposal 

Schedule a Free Consultation