webhostingtalk
Anyone else a member of webhostingtalk.com?
It got hacked recently, and now the hacker has issued statements regarding credit card security on the site.
Ouch...
http://www.webhostingtalk.com/
April 7th 2009 07:27
In Progress - WHT Off LineUPDATE: 4:34pm est 04/07/09
It has been brought to our attention that any WHT Premium memberships purchased PRIOR to 2006 would be included in the exploited credit card details.
UPDATE: 4:24pm est 04/07/09
We have contacted all major credit card companies and are awaiting their guidance. It should be noted that card holders will not be held liable for any fraudulent purchase made using their credit card.
ANNOUNCEMENT - 1:25pm est 04/07/09
This morning, the hacker who attacked WHT initiated further communication. He provided evidence that credit card information on one of our database servers was, in fact, compromised during that attack.
What data was compromised?
At this point, we know that the hacker compromised and has publicly posted credit card information from our self-service billing system currently used for sticky posts (located at http://myinet.inetinteractive.com). This system was also used for display (banner) advertising in prior to December 2007.What about premium and corporate members? Or display advertisers?
If you've purchased a premium or corporate membership or you are a display (banner ad) advertiser from December 2007 or later, your data is safe. These products run on a newer billing platform that does not store credit card information.What is WHT and iNET Interactive doing about it?
If we have evidence or suspicion that your credit card information was leaked, you will be receiving further communication from WHT and iNET Interactive.Why is WHT down and when do we expect it to be back up?
We're currently doing a full security sweep of our cluster to ensure the servers are secure. The site will be back up once this security review is complete.March 26th 2009 09:41
In Progress - Down for maintenanceWe're addressing a db cache issue.
March 26th 2009 00:29
Resolved - Database repairWe are off line until 1 am EST March 3 for a planned database repair.
teammatt3 posted this at 22:12 — 7th April 2009.
He has: 2,102 posts
Joined: Sep 2003
Why are they storing credit card numbers? Isn't that against PCI standards? Or maybe you just can't store that CCV code?
At least they are being open about it. That takes some guts.
sarkova posted this at 02:01 — 8th April 2009.
They have: 3 posts
Joined: Apr 2009
I`m not a member from that site. Maybe that is mistake from the staff. Why they store credit card number and cvv number. That is very vital..
pr0gr4mm3r posted this at 10:20 — 8th April 2009.
He has: 1,502 posts
Joined: Sep 2006
CC numbers can be stored under strict security conditions, but not CVV numbers.
decibel.places posted this at 18:51 — 8th April 2009.
He has: 1,494 posts
Joined: Jun 2008
hosting with a service can expose you to risk
BlueHost told me a few weeks ago they had to tighten security measures after DOS attacks.
I'm working on a site on Drupal Value Hosting that is frequently down, no http no ftp no cpanel...
If you can host on your own server, at least you can control the security measures, and you are not affected by an attack on another site.
nnkj posted this at 20:00 — 9th June 2009.
They have: 4 posts
Joined: Jun 2009
Fortunately, I am not the member of that site. Hope members there can manage to cancel their cards before something bad happens. I thought the credit card number and ccv code stored as an encoded text.
Canon PowerShot Camera
shakir posted this at 13:42 — 29th June 2009.
They have: 83 posts
Joined: Nov 2007
M not a payed members... but first time heard about the news like this... Few months before DB hacked and lost some posting... but no members discuss about it.. Any how I will contact the admin and confirm it well
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.