[ISN] Hackers crack A&B site

From: InfoSec News (isnat_private)
Date: Mon May 21 2001 - 00:04:42 PDT

  • Next message: InfoSec News: "[ISN] DOE Computer Forensic Laboratory First Responder's Manual"

    Gillian Shaw 
    Vancouver Sun 
    Saturday 19 May 2001
    Internet shoppers surfing A&B Sound's online store early Friday were
    surprised to find customer names, credit-card numbers and expiry dates
    on the Web site before the company discovered the security breach and
    shut it down.
    The breach affected only shoppers with outstanding orders at the
    online store. A&B Sound was contacting those customers Friday, warning
    them to contact their credit-card issuer. Customers at the company's
    regular retail outlets were not affected.
    A & B Sound representative Tim Howley said his company and police are
    investigating the breach, which was thought to have occurred in the
    early hours of Friday morning. He said the company doesn't yet know
    where the hacker originated or how security was compromised.
    "We want to assure people we're full steam ahead on an investigation
    and we're taking it very seriously," Howley said.
    Reading from a press release, he said:
    "A&B has reason to believe that credit-card information belonging to
    customers who had open, unprocessed orders on the Web site may have
    been obtained, and unauthorized use of that information may have
    occurred. www.absound.ca was immediately shut down by A&B Sound
    pending an internal and police investigation.
    "A&B Sound emphasizes thebreach is limited to open, unprocessed online
    orders and that the security of credit-card information belonging to
    its retail-store customers has not been affected in any way."
    Howley said the Web site, which sells only movies and CDs, accounts
    for only one per cent of the company's retail sales. He said he
    wouldn't know the number of credit cards affected by the breach until
    the investigation is complete.
    Valerie MacLean, vice-president of consumer affairs at the Better
    Business Bureau of Mainland B.C., said credit-card consumers shouldn't
    "In a situation like this where the security of a Web site has been
    compromised, if someone gets your credit-card information, the
    credit-card company will be responsible for it, not the consumer," she
    said. "I wouldn't over-react. Go to your credit-card company, tell
    them what has happened and get a new card.
    "You're not responsible for any fraudulent transactions on your
    MacLean said despite the inconvenience of such incidents as Friday's
    security breach at the A&B site, credit cards are still the best
    method of payment.
    "You are protected from fraudulent transactions and have the
    protection of a charge-back provision in your card-holder agreement if
    you don't receive the goods or services within a prescribed period of
    time," she said.
    "It is certainly unsettling and inconvenient when something like this
    happens, but you won't lose money."
    MacLean also recommended consumers use one credit-card for all online
    transactions, with a low limit as an extra precaution.
    Major credit-card companies said Friday they had not yet heard from
    A&B Sound customers, but newsgroups on the Internet were abuzz with
    subscribers worried their credit-card information may have been
    released online.
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Mon May 21 2001 - 01:32:47 PDT