[ISN] 'Hacker Safe' Geeks.com Hacked

From: InfoSec News (alerts@private)
Date: Tue Jan 08 2008 - 00:05:35 PST

Previous message: InfoSec News: "[ISN] 'First' iPhone Trojan rolls into town"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

http://www.informationweek.com/news/showArticle.jhtml?articleID=205600099

By Thomas Claburn
InformationWeek
January 7, 2008

Geeks.com, a Web site that still displays a banner from McAfee's 
ScanAlert certifying that it is "Hacker Safe," on Friday sent a letter 
to customers saying that it had been hacked last month.

"Genica dba Geeks.com ('Genica') recently discovered on December 5, 2007 
that customer information, including Visa credit card information, may 
have been compromised," said a letter posted on The Consumerist from 
Jerry L. Harken, Genica's chief of security, to an undisclosed number 
Geeks.com customers. "In particular, it is possible that an unauthorized 
person may be in possession of your name, address, telephone number, 
e-mail address, credit card number, expiration date, and card 
verification number. We are still investigating the details of this 
incident, but it appears that an unauthorized individual may have 
accessed this information by hacking our e-commerce Web site."

Geeks.com has reported the incident to federal authorities and Visa, and 
is encouraging customers to review their credit card statements for 
unauthorized charges. The company has set up two help numbers -- 
1-888-529-6261 or 1-212-560-5108 for non-US customers -- that will be 
active starting on Tuesday for those with questions about the incident. 
It is also providing contact information for the major credit agencies 
to make it easier to report any identity theft fraud arising from the 
incident.

Geeks.com describes itself as a direct-to-consumer e-commerce site that 
specializes in computer-related excess inventory, manufacturer 
-closeouts, popular and esoteric products for the tech-savvy.

A customer sales representative for Geeks.com confirmed that such a 
letter had been sent out but declined to offer further comment.

McAfee acquired ScanAlert in October 2007 and describes it as the 
world's leading provider of e-commerce Web site security services. The 
"Hacker Safe" certification, McAfee explains on its Web site, lets 
"shoppers of ScanAlert customer sites instantly know that they are a 
secure Web site and respond by buying more from them."

The ScanAlert Web site explains that the "Hacker Safe" certification 
doesn't mean 100% safe. "Research indicates sites remotely scanned for 
known vulnerabilities on a daily basis, such as those earning 'Hacker 
Safe' certification, can prevent over 99% of hacker crime," the site 
says.

A spokesperson for McAfee did not immediately respond to a request for 
comment.


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/

Previous message: InfoSec News: "[ISN] 'First' iPhone Trojan rolls into town"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Tue Jan 08 2008 - 00:22:26 PST