[ISN] Playboy says hacker stole customer info

From: InfoSec News (isnat_private)
Date: Wed Nov 21 2001 - 02:27:41 PST

  • Next message: InfoSec News: "Re: [ISN] Oracle Chief Challenges Hackers"

    Forwarded by: Justin Lundy <jblat_private>
    By Greg Sandoval and Robert Lemos
    Staff Writers, CNET News.com 
    November 20, 2001, 11:50 a.m. PT 
    Playboy.com has alerted customers that an intruder broke into its Web
    site and obtained some customer information, including credit card
    The online unit of the nearly 50-year-old men's magazine said in an
    e-mail to customers that it believed a hacker accessed "a portion" of
    Playboy.com's computer systems. In the e-mail, a copy of which was
    reviewed by CNET News.com, Playboy.com President Larry Lux did not
    disclose how many customers might have been affected.
    Playboy.com encouraged customers to contact their credit card
    companies to check for unauthorized charges. New York-based
    Playboy.com also said it reported the incident to law enforcement
    officials and hired a security expert to audit its computer systems
    and analyze the incident.
    "Unfortunately, Playboy is only one of a number of high-profile
    companies who have been subjected to this kind of malicious hacking,"
    Lux said in the e-mail.
    Lux is right. Fraud continues to plague online stores, as much as or
    more than it does stores in the brick-and-mortar world. Web thieves
    who hack into Web stores to pilfer credit card numbers and then go on
    shopping sprees have led banks in some cases to charge higher fees to
    service credit card transactions on the Web.
    The number of hacking incidents also undermines the public's trust in
    e-commerce, analysts have said.
    Playboy.com learned of the breach after a person claiming access to
    its systems and customer information began e-mailing customers Sunday
    night. Although Playboy.com did not say when the intruder first got
    into the site, the hacker in the e-mail claimed to have had access
    since 1998.
    Five Playboy.com customers told CNET News.com that they saw the e-mail
    after logging in Monday morning. All five said the message included
    their credit card information and expiration date.
    Ernie Brooks, who bought a wedding gift from Playboy.com's Web store
    three months ago, said he thought the e-mail was a joke--until he got
    to the part telling him his "personal details" were below. Indeed,
    there was his credit card number and expiration date.
    Stunned, Brooks said he called his bank to cancel the card. "Nobody
    charged anything on it, but I'm going on vacation on Wednesday and now
    I don't have a credit card," he said.
    Another who received the e-mail--a graduate student who bought some
    items on the site for his wife over a year ago--said he has always
    worried about Internet security and whether his credit card
    information is safe.
    "I do most of my shopping online, so it's a big concern," he said. "It
    will be some time before I trust Playboy again."
    Playboy.com's e-mail to customers included a number to call for
    further information: 800-993-6339.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Wed Nov 28 2001 - 15:37:05 PST