
Ecommerce Forum

    
IBill Loses 17 Million Records
One of Web's Largest Credit Card Processing Houses
Brett_Tabke




msg:627903
 2:54 am on Mar 9, 2006 (gmt 0)

Possibly the most significant - and embarrassing to some - security leak in the history of the internet.

[wired.com...]

Seventeen million customers of the online payment service iBill have had their personal information released onto the internet, where it's been bought and sold in a black market made up of fraud artists and spammers, security experts say.

The stolen data, examined by Wired News, includes names, phone numbers, addresses, e-mail addresses and internet IP addresses. Other fields in the compromised databases appear to be logins and passwords, credit-card types and purchase amounts, but credit-card numbers are not included.

The transactions documented in the database are dated between 1998 and 2003, spanning a period at the height of iBill's success.


 

Kufu




msg:627904
 3:28 am on Mar 9, 2006 (gmt 0)

Yes, please let me save my files on GDrive.

Soon, another leak will top this one.

walkman




msg:627905
 3:52 am on Mar 9, 2006 (gmt 0)

great! Just searched my computer and turns out that I used ibill in 2004!

On edit: I seem to be safe: "The transactions documented in the database are dated between 1998 and 2003"

minnapple




msg:627906
 4:14 am on Mar 9, 2006 (gmt 0)

Now downloading 17 million records . . . . . . . .
You would think someone internally would have caught such a thing, no matter how it was done.

Now downloading 18 million records . . . . .
Smells like an inside job to me.

vik_c




msg:627907
 4:33 am on Mar 9, 2006 (gmt 0)

I used ibill as a merchant long back. Then they increased their rates to ridiculous levels. So we moved.

carguy84




msg:627908
 5:42 am on Mar 9, 2006 (gmt 0)

Anyone have a torrent link?


;)

jonathanleger




msg:627909
 6:31 am on Mar 9, 2006 (gmt 0)

You would think someone internally would have caught such a thing, no matter how it was done.

Clearly you've never worked in the IT department of a large corporation. They are pretty clueless when it comes to what's going on just about anywhere. :)

As a software developer, I could have easily burned enormous amounts of private information on customers (individuals and businesses, addresses, CC numbers, billing information, etc. etc.--very private stuff) to CD and sold it off to the highest bidder and the company would never know a thing because, as I said, management is clueless.

iThink




msg:627910
 7:48 am on Mar 9, 2006 (gmt 0)

This list has been on sale since 2004 on a number of boards. So Wired.com is around 2 years late in reporting this.

oddsod




msg:627911
 8:35 am on Mar 9, 2006 (gmt 0)

Yes, please let me save my files on GDrive.

Ah, but as you probably know, Google is infallible and unlikely to ever let such a security lapse occur.

incrediBILL




msg:627912
 8:48 am on Mar 9, 2006 (gmt 0)

Before the flood of stickies come, I've lost NOTHING, it's the other iBill.

Robert Charlton




msg:627913
 8:59 am on Mar 9, 2006 (gmt 0)

I could have easily burned enormous amounts of private information on customers (individuals and businesses, addresses, CC numbers, billing information, etc. etc.--very private stuff) to CD and sold it off to the highest bidder and the company would never know a thing because, as I said, management is clueless.

Anyone who watches "24" should get this. ;)

Essex_boy




msg:627914
 9:15 am on Mar 9, 2006 (gmt 0)

Oh boy, just what are the implications of this for first time buyers in the ecommerce world?

I think I'll visit that nice nice store on the high street.

goingincircles




msg:627915
 10:15 am on Mar 9, 2006 (gmt 0)

Pretty serious issue, but I did enjoy this paragraph:-

Contacted by Wired News, one of the victims of the breach expressed dismay that his information was in the hands of criminals. The 41-year-old San Diego man says he allowed a "business partner" to use his credit card on an adult website dedicated to finding resources in Tijuana's red light district, with discussion groups and locations of prostitutes.

Out of 17 million records, the one person they contacted had lent his credit card to someone else, he hadn't used porn himself.

What are the odds? :-D

dudibob




msg:627916
 11:04 am on Mar 9, 2006 (gmt 0)

haha, that's funny

it's true, sounds very strange how they didn't realise how someone downloaded millions of files...

gab55




msg:627917
 12:24 pm on Mar 9, 2006 (gmt 0)

A friend told me to search for this "Ibill_1m.txt" and on about half of Google DCs it returns a site..

Server now had no response.. lol

donpps




msg:627918
 2:46 pm on Mar 9, 2006 (gmt 0)

"Todd Dugas, a former inside sales representative for iBill, estimates that pornography made up 85 percent of the business."

Yikes... time to check those .. bank statements eh? ;)

PanUK




msg:627919
 2:57 pm on Mar 9, 2006 (gmt 0)

great! Just searched my computer and turns out that I used ibill in 2004!
On edit: I seem to be safe: "The transactions documented in the database are dated between 1998 and 2003"

They don't release that data until next year. :)

johncory




msg:627920
 3:22 pm on Mar 9, 2006 (gmt 0)

Yes, please let me save my files on GDrive.

Soon, another leak will top this one.

It's ok, all your sensitive data is already labeled, archived and easily retrieved through Gmail. ;)

Essex_boy




msg:627921
 7:02 pm on Mar 9, 2006 (gmt 0)

Oh right so Ibill are adult content only then! Won't affect me then thank god. (no honestly)

radix




msg:627922
 7:57 pm on Mar 9, 2006 (gmt 0)

This loss of records is really bad news for me as a site owner who used iBill as payment processor in the past, up until Visa's IPSP rules came out. I belong to the est. 15% not in the adult industry with due respect to my subscribers.

If you are a site owner in a similar situation: do you plan any action to relay the news to your customers? Should I send an email to each of them apologizing? Or should I just ignore it?

Thanks!

incrediBILL




msg:627923
 8:36 pm on Mar 9, 2006 (gmt 0)

I wouldn't say squat to your customers, you weren't to blame so don't assume any liability whatsoever. It's the responsibility of iBill to address them, not you, as their security was breached, not yours.

bnrowdy




msg:627924
 10:25 pm on Mar 9, 2006 (gmt 0)

IncrediBill is right...if users approach you then communicate with them on a case by case basis but make sure you don't point the finger at yourself by offering an "apology" you shouldn't make.

incrediBILL




msg:627925
 10:43 pm on Mar 9, 2006 (gmt 0)

Discussed it with my wife who makes a lot of online purchases and she agreed with me that 3 months later she might remember your company sending the email but not remember anything about iBill.

It could taint repeat business for sure.

mcavic




msg:627926
 3:29 am on Mar 10, 2006 (gmt 0)

Google is infallible and unlikely to ever let such a security lapse occur

Infallible, no. But I think Google is quite a bit smarter than the average company.

treeline




msg:627927
 3:48 am on Mar 10, 2006 (gmt 0)

That's why they "accidentally" posted a presentation online that wasn't supposed to be public, on how we should all trust them with our data storage.

walkman




msg:627928
 3:57 am on Mar 10, 2006 (gmt 0)

>> Infallible, no. But I think Google is quite a bit smarter than the average company.

Plenty of smart companies have fallen victim to hackers. There's always somebody smarter than you...

andrea99




msg:627929
 4:12 am on Mar 10, 2006 (gmt 0)

I suppose this is a good argument for periodically closing all your accounts and opening new ones. That would be smart. If you made a routine of it you could cope fairly well.

Actually collecting new credit cards is easy, they're constantly pushing them. Maybe throw away accounts is the way to go, just close out accounts when you get a new card.

oddsod




msg:627930
 11:14 am on Mar 10, 2006 (gmt 0)

I suppose this is a good argument for periodically closing all your accounts and opening new ones.

That's eminently sound advice!

incrediBILL




msg:627931
 2:26 am on Mar 12, 2006 (gmt 0)

Actually, the best advice I can give is that if you have multiple cards just use ONE for online purchases only, preferably the one with the lowest credit line, then you can easily tell when you're being abused and you don't have to worry about cancelling all your cards.

Another trick you can play is get a Visa/MC debit card for a stand alone bank account and only transfer funds to that account to cover actual purchases. If you suddenly get nailed there's no money there to take and the damage is very limited.
