homepage Welcome to WebmasterWorld Guest from 54.166.255.168
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

    
IBill Loses 17million Records
On of Webs Largest Credit Card Procession Houses
Brett_Tabke

WebmasterWorld Administrator brett_tabke us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4907 posted 2:54 am on Mar 9, 2006 (gmt 0)

Possibly the most significant - and embarassing to some - security leak in the history of the internet.

[wired.com...]

Seventeen million customers of the online payment service iBill have had their personal information released onto the internet, where it's been bought and sold in a black market made up of fraud artists and spammers, security experts say.

The stolen data, examined by Wired News, includes names, phone numbers, addresses, e-mail addresses and internet IP addresses. Other fields in the compromised databases appear to be logins and passwords, credit-card types and purchase amounts, but credit-card numbers are not included.

The transactions documented in the database are dated between 1998 and 2003, spanning a period at the height of iBill's success.


 

Kufu

5+ Year Member



 
Msg#: 4907 posted 3:28 am on Mar 9, 2006 (gmt 0)

Yes, please let me save my files on GDrive.

Soon, another leak will top this one.

walkman



 
Msg#: 4907 posted 3:52 am on Mar 9, 2006 (gmt 0)

great! Just searched my computer and turns out that I used ibill in 2004!

On edit: I seem to be safe: "The transactions documented in the database are dated between 1998 and 2003"

minnapple

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4907 posted 4:14 am on Mar 9, 2006 (gmt 0)

Now downloading 17 million records . . . . . . . .
You would think someone interally would caught such a thing, no matter how it was done.

Now downloading 18 million records . . . . .
Smells like an inside job to me.

vik_c

10+ Year Member



 
Msg#: 4907 posted 4:33 am on Mar 9, 2006 (gmt 0)

I used ibill as a merchant long back. Then they increased their rates to ridiculous levels. So we moved.

carguy84

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4907 posted 5:42 am on Mar 9, 2006 (gmt 0)

Anyone have a torrent link?


;)

jonathanleger

10+ Year Member



 
Msg#: 4907 posted 6:31 am on Mar 9, 2006 (gmt 0)

You would think someone interally would caught such a thing, no matter how it was done.

Clearly you've never worked in the IT department of a large corporation. They are pretty clueless when it comes to what's going on just about anywhere. :)

As a software developer, I could have easily burned enormous amounts of private information on customers (individuals and businesses, addresses, CC numbers, billing information, etc. etc.--very private stuff) to CD and sold it off to the highest bidder and the company would never know a thing because, as I said, management is clueless.

iThink

10+ Year Member



 
Msg#: 4907 posted 7:48 am on Mar 9, 2006 (gmt 0)

This list has been on sale since 2004 on a number of boards. So Wired.com is around 2 years late in reporting this.

oddsod

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4907 posted 8:35 am on Mar 9, 2006 (gmt 0)

Yes, please let me save my files on GDrive.

Ah, but as you probably know, Google is infallible and unlikely to ever let such a security lapse occur.

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4907 posted 8:48 am on Mar 9, 2006 (gmt 0)

Before the flood of sticky's come, I've lost NOTHING, it's the other iBill.

Robert Charlton

WebmasterWorld Administrator robert_charlton us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4907 posted 8:59 am on Mar 9, 2006 (gmt 0)

I could have easily burned enormous amounts of private information on customers (individuals and businesses, addresses, CC numbers, billing information, etc. etc.--very private stuff) to CD and sold it off to the highest bidder and the company would never know a thing because, as I said, management is clueless.

Anyone who watches "24" should get this. ;)

Essex_boy

WebmasterWorld Senior Member essex_boy us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4907 posted 9:15 am on Mar 9, 2006 (gmt 0)

Oh boy, just what are the implications of this for first time buyers in the ecommerce world?

I think Ill visit that nice nice store on the high street.

goingincircles

5+ Year Member



 
Msg#: 4907 posted 10:15 am on Mar 9, 2006 (gmt 0)

Pretty serious issue, but I did enjoy this paragraph:-

Contacted by Wired News, one of the victims of the breach expressed dismay that his information was in the hands of criminals. The 41-year-old San Diego man says he allowed a "business partner" to use his credit card on an adult website dedicated to finding resources in Tijuana's red light district, with discussion groups and locations of prostitutes.

Out of 17 million records, the one person they contacted had lent his credit card to someone else, he hadn't used porn himself.

What are the odds? :-D

dudibob

5+ Year Member



 
Msg#: 4907 posted 11:04 am on Mar 9, 2006 (gmt 0)

haha, that's funny

it's true, sounds very strange how they didn't realise how someone downloaded millions of files...

gab55

5+ Year Member



 
Msg#: 4907 posted 12:24 pm on Mar 9, 2006 (gmt 0)

A friend told me to search for this "Ibill_1m.txt" and on about half of google DC's it return a site..

Server now had no response.. lol

donpps

10+ Year Member



 
Msg#: 4907 posted 2:46 pm on Mar 9, 2006 (gmt 0)

"Todd Dugas, a former inside sales representative for iBill, estimates that pornography made up 85 percent of the business."

Yikes... time to check those .. bank statements eh? ;)

PanUK

10+ Year Member



 
Msg#: 4907 posted 2:57 pm on Mar 9, 2006 (gmt 0)

great! Just searched my computer and turns out that I used ibill in 2004!
On edit: I seem to be safe: "The transactions documented in the database are dated between 1998 and 2003"

They don't release that data until next year. :)

johncory

5+ Year Member



 
Msg#: 4907 posted 3:22 pm on Mar 9, 2006 (gmt 0)

Yes, please let me save my files on GDrive.

Soon, another leak will top this one.

It's ok, all your sensitive data is already labeled, archived and easily retrieved through Gmail. ;)

Essex_boy

WebmasterWorld Senior Member essex_boy us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4907 posted 7:02 pm on Mar 9, 2006 (gmt 0)

Oh right so Ibill are adult content only then! Wont affect me then thank god. (no honestly)

radix

5+ Year Member



 
Msg#: 4907 posted 7:57 pm on Mar 9, 2006 (gmt 0)

This loss of records is really bad news for me as a site owner who used iBill as payment processor in the past, up until Visa's IPSP rules came out. I belong to the est. 15% not in the adult industry with due respect to my subscribers.

If you are a site owner in a similar situation: do you plan any action to relay the news to your customers? Should I send an email to each of them apologizing? Or should I just ignore it?

Thanks!

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4907 posted 8:36 pm on Mar 9, 2006 (gmt 0)

I wouldn't say squat to your customers, you weren't to blame so don't assume any liability whatsoever. It's the responsibility of iBill to address them, not you, as their security was breached, not yours.

bnrowdy

5+ Year Member



 
Msg#: 4907 posted 10:25 pm on Mar 9, 2006 (gmt 0)

IncrediBill is right...if users approach you then communicate with them on a case by case basis but make sure you don't point the finger at yourself by offering an "apology" you shouldn't make.

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4907 posted 10:43 pm on Mar 9, 2006 (gmt 0)

Dicussed it with my wife who makes a lot of online purchases and she agreed with me that 3 months later she might remember your company sending the email but not remember anything about iBill.

It could taint repeat business for sure.

mcavic

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4907 posted 3:29 am on Mar 10, 2006 (gmt 0)

Google is infallible and unlikely to ever let such a security lapse occur

Infallible, no. But I think Google is quite a bit smarter than the average company.

treeline

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4907 posted 3:48 am on Mar 10, 2006 (gmt 0)

That's why they "accidentally" posted a presentation online that wasn't supposed to be public, on how we should all trust them with our data storage.

walkman



 
Msg#: 4907 posted 3:57 am on Mar 10, 2006 (gmt 0)

>> Infallible, no. But I think Google is quite a bit smarter than the average company.

Plenty of smart companies have fallen victim to hackers. There's always somebody smarter than you...

andrea99



 
Msg#: 4907 posted 4:12 am on Mar 10, 2006 (gmt 0)

I suppose this is a good argument for periodically closing all your accounts and opening new ones. That would be smart. If you made a routine of it you could cope fairly well.

Actually collecting new credit cards is easy, they're constantly pushing them. Maybe throw away accounts is the way to go, just close out accounts when you get a new card.

oddsod

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4907 posted 11:14 am on Mar 10, 2006 (gmt 0)

I suppose this is a good argument for periodically closing all your accounts and opening new ones.

That's emminently sound advice!

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4907 posted 2:26 am on Mar 12, 2006 (gmt 0)

Actually, the best advice I can give is that if you have multiple cards just use ONE for online purchases only, preferrably the one with the lowest credit line, then you can easily tell when you're being abused and you don't have to worry about cancelling all your cards.

Another trick you can play is get a Visa/MC debit card for a stand alone bank account and only transfer funds to that account to cover actual purchases. If you suddenly get nailed there's no money there to take and the damage is very limited.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved