>From: "Customers" <supportat_private> >Reply-To: "Customers" <supportat_private> >To: sleeping_bumat_private >Subject: An Important Message From HostRocket >Date: 23 Nov 2001 17:58:18 -0000 >MIME-Version: 1.0 >Received: from [66.162.64.120] by hotmail.com (3.2) with ESMTP id >MHotMailBDC7E58700AC4004315742A24078B7A80; Fri, 23 Nov 2001 10:50:48 -0800 >Received: (qmail 17365 invoked by uid 99); 23 Nov 2001 17:58:18 -0000 >From supportat_private Fri, 23 Nov 2001 10:51:26 -0800 >Message-ID: <20011123175818.17364.qmailat_private> >Errors-To: "Customers Administrator" <supportat_private> >Organization: Customers >List: Customers >List-Archive: >http://66.162.64.120/cgi-bin/mojo.cgi?flavor=archive&list=Customers >List-ID: 20011123125431 >List-Owner: <supportat_private> >List-Subscribe: >http://66.162.64.120/cgi-bin/mojo.cgi?flavor=subscribe&list=Customers >List-Unsubscribe: >http://66.162.64.120/cgi-bin/mojo.cgi?flavor=unsubscribe&list=Customers >List-URL: http://66.162.64.120/cgi-bin/mojo.cgi?list=Customers >List-Software: Mojo Mail 2.5.1 http://mojo.skazat.com >Precedence: list >X-Priority: 3 > >Dear Customer, > >You are receiving this letter because you either are a current or a past >customer of HR Web Services (HostRocket.Com). The letter below details to >you the specifics of the situation including what has happened, what is >being done to remedy the situation and prevent its reoccurrence, and what >you the customer need to do. > >What Happened: > >A security hole found in a 3rd party billing software package used by us to >manage our customer billing which has had no known security holes until >this date was exposed, and the possibility arose that this information may >have found its way into the hands of people who should not have it, despite >our use of both SSL and heavy encryption. We have no confirmation that >this information is in the hands of anyone with any malicious intent >towards our customers at this time, however the possibility may exist in >the future. We cannot release the details of what program it was etc. yet >as there are many other hosts out there that run the same software package >who’s information will need to be protected as well. > >What We Did: > >Immediately upon the discovery of the intrusion we disabled the affected >systems to prevent the possibility of further access. We then immediately >contacted the credit card processing companies involved to make them aware >of the possibility that the card info was compromised. They assured us >that the card issuing banks would be notified immediately about the >situation, and it will be up to their discretion whether or not there is a >large enough threat posed by this to warrant canceling the cards and >issuing replacements. They also reminded us to remind you the consumer >that you are not and would not be responsible for any fraudulent >transactions that might occur on your card in a worst-case scenario. > >The details regarding this policy implemented by Visa are located at: >http://www.usa.visa.com/personal/secure_with_visa/ > >The details regarding this policy implemented by MasterCard are located at: >http://mastercard.com/general/zero_liability.html/ > >What We Are Doing Now: > >The billing system was heavily modified to be more secure and moved to a >new more secure server in a new physical location and locked down with no >outside connection to the general Internet available for the affect backend >system, which has also been completely recoded. Along with this, all >account passwords have been changed and new passwords sent to all current >HostRocket customers. Other security policy changes are as follows. > >-3 digit confirmation code on the back signature panel of all cards to be >submitted with new orders. > >-All new orders to be confirmed by a live person on our staff before >account activation. > >-All telnet access to all hosting servers and requiring customers to use >SSH (secure shell). > >-IDS (intrusion detection systems) are being installed on all of our >hosting servers. > >These additional security measures are to help cut down on possible >security breaches on other servers of ours in the future. > >What You The Customer Should Do: > >All affected customers should contact their credit card company to see if >they feel that the card should be placed on hold. Check to make sure that >you have received your new login and password information which should be >coming shortly after this email, and that the login and password work for >your account. If they do not work, please contact us for immediate >resolution of any account access problems. > >We at HostRocket apologize repeatedly for any and all inconvenience this >will cause everyone involved. We have hired additional staff to help with >the expected influx of support and to finish up our own in house billing >system which we have coded from the ground up and know to be secure. We >greatly appreciate your understanding and continued support, and look >forward towards working both for and with you to improve our services to >you and your websites alike during the coming years. > >-The HostRocket Team >http://www.hostrocket.com > > >-- >To unsubscribe from: Customers, just follow this link: > >sleeping_bumat_private&p=8233">http://66.162.64.120/cgi-bin/mojo.cgi?f=u&l=Customers&e=sleeping_bumat_private&p=8233 > >Click the link, or copy and paste the address into your browser. > > _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
This archive was generated by hypermail 2b30 : Fri Nov 23 2001 - 16:04:30 PST