IBill Loses 17 Million Records

One of Web's Largest Credit Card Processing Houses

     
2:54 am on Mar 9, 2006 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38047
votes: 11


Possibly the most significant - and embarrassing to some - security leak in the history of the internet.

[wired.com...]

Seventeen million customers of the online payment service iBill have had their personal information released onto the internet, where it's been bought and sold in a black market made up of fraud artists and spammers, security experts say.

The stolen data, examined by Wired News, includes names, phone numbers, addresses, e-mail addresses and internet IP addresses. Other fields in the compromised databases appear to be logins and passwords, credit-card types and purchase amounts, but credit-card numbers are not included.

The transactions documented in the database are dated between 1998 and 2003, spanning a period at the height of iBill's success.

3:28 am on Mar 9, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:June 6, 2005
posts:524
votes: 1


Yes, please let me save my files on GDrive.

Soon, another leak will top this one.

3:52 am on Mar 9, 2006 (gmt 0)

Senior Member

joined:Dec 29, 2003
posts:5428
votes: 0


great! Just searched my computer and turns out that I used ibill in 2004!

On edit: I seem to be safe: "The transactions documented in the database are dated between 1998 and 2003"

4:14 am on Mar 9, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 24, 2000
posts:1747
votes: 4


Now downloading 17 million records . . . . . . . .
You would think someone internally would have caught such a thing, no matter how it was done.

Now downloading 18 million records . . . . .
Smells like an inside job to me.

4:33 am on Mar 9, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 13, 2002
posts:408
votes: 0


I used ibill as a merchant long back. Then they increased their rates to ridiculous levels. So we moved.

5:42 am on Mar 9, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 13, 2005
posts:1077
votes: 0


Anyone have a torrent link?


;)

6:31 am on Mar 9, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 23, 2004
posts:435
votes: 0


You would think someone internally would have caught such a thing, no matter how it was done.

Clearly you've never worked in the IT department of a large corporation. They are pretty clueless when it comes to what's going on just about anywhere. :)

As a software developer, I could have easily burned enormous amounts of private information on customers (individuals and businesses, addresses, CC numbers, billing information, etc. etc.--very private stuff) to CD and sold it off to the highest bidder and the company would never know a thing because, as I said, management is clueless.

7:48 am on Mar 9, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Feb 25, 2003
posts:418
votes: 0


This list has been on sale since 2004 on a number of boards. So Wired.com is around 2 years late in reporting this.

8:35 am on Mar 9, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 21, 2005
posts:2259
votes: 0


Yes, please let me save my files on GDrive.

Ah, but as you probably know, Google is infallible and unlikely to ever let such a security lapse occur.

8:48 am on Mar 9, 2006 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14624
votes: 88


Before the flood of stickies comes, I've lost NOTHING, it's the other iBill.

8:59 am on Mar 9, 2006 (gmt 0)

Moderator from US 

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2000
posts:11313
votes: 165


I could have easily burned enormous amounts of private information on customers (individuals and businesses, addresses, CC numbers, billing information, etc. etc.--very private stuff) to CD and sold it off to the highest bidder and the company would never know a thing because, as I said, management is clueless.

Anyone who watches "24" should get this. ;)

9:15 am on Mar 9, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member essex_boy is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 19, 2003
posts:3171
votes: 2


Oh boy, just what are the implications of this for first time buyers in the ecommerce world?

I think I'll visit that nice nice store on the high street.

10:15 am on Mar 9, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:June 27, 2005
posts:59
votes: 0


Pretty serious issue, but I did enjoy this paragraph:-

Contacted by Wired News, one of the victims of the breach expressed dismay that his information was in the hands of criminals. The 41-year-old San Diego man says he allowed a "business partner" to use his credit card on an adult website dedicated to finding resources in Tijuana's red light district, with discussion groups and locations of prostitutes.

Out of 17 million records, the one person they contacted had lent his credit card to someone else, he hadn't used porn himself.

What are the odds? :-D

11:04 am on Mar 9, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Oct 17, 2005
posts:79
votes: 0


haha, that's funny

it's true, sounds very strange how they didn't realise how someone downloaded millions of files...

12:24 pm on Mar 9, 2006 (gmt 0)

New User

10+ Year Member

joined:May 19, 2005
posts:11
votes: 0


A friend told me to search for this "Ibill_1m.txt" and on about half of Google DCs it returns a site..

Server now has no response.. lol

2:46 pm on Mar 9, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:July 9, 2003
posts:91
votes: 0


"Todd Dugas, a former inside sales representative for iBill, estimates that pornography made up 85 percent of the business."

Yikes... time to check those .. bank statements eh? ;)

2:57 pm on Mar 9, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:June 30, 2002
posts:83
votes: 0


great! Just searched my computer and turns out that I used ibill in 2004!
On edit: I seem to be safe: "The transactions documented in the database are dated between 1998 and 2003"

They don't release that data until next year. :)

3:22 pm on Mar 9, 2006 (gmt 0)

New User

10+ Year Member

joined:June 16, 2005
posts:31
votes: 0


Yes, please let me save my files on GDrive.

Soon, another leak will top this one.

It's ok, all your sensitive data is already labeled, archived and easily retrieved through Gmail. ;)

7:02 pm on Mar 9, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member essex_boy is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 19, 2003
posts:3171
votes: 2


Oh right so Ibill are adult content only then! Won't affect me then thank god. (no honestly)

7:57 pm on Mar 9, 2006 (gmt 0)

Full Member

10+ Year Member

joined:May 13, 2005
posts:237
votes: 0


This loss of records is really bad news for me as a site owner who used iBill as payment processor in the past, up until Visa's IPSP rules came out. I belong to the est. 15% not in the adult industry with due respect to my subscribers.

If you are a site owner in a similar situation: do you plan any action to relay the news to your customers? Should I send an email to each of them apologizing? Or should I just ignore it?

Thanks!

8:36 pm on Mar 9, 2006 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14624
votes: 88


I wouldn't say squat to your customers, you weren't to blame so don't assume any liability whatsoever. It's the responsibility of iBill to address them, not you, as their security was breached, not yours.

10:25 pm on Mar 9, 2006 (gmt 0)

New User

5+ Year Member

joined:Feb 28, 2006
posts:8
votes: 0


IncrediBill is right...if users approach you then communicate with them on a case by case basis but make sure you don't point the finger at yourself by offering an "apology" you shouldn't make.

10:43 pm on Mar 9, 2006 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14624
votes: 88


Discussed it with my wife who makes a lot of online purchases and she agreed with me that 3 months later she might remember your company sending the email but not remember anything about iBill.

It could taint repeat business for sure.

3:29 am on Mar 10, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 31, 2003
posts:1316
votes: 0


Google is infallible and unlikely to ever let such a security lapse occur

Infallible, no. But I think Google is quite a bit smarter than the average company.

3:48 am on Mar 10, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 18, 2003
posts:921
votes: 0


That's why they "accidentally" posted a presentation online that wasn't supposed to be public, on how we should all trust them with our data storage.

3:57 am on Mar 10, 2006 (gmt 0)

Senior Member

joined:Dec 29, 2003
posts:5428
votes: 0


>> Infallible, no. But I think Google is quite a bit smarter than the average company.

Plenty of smart companies have fallen victim to hackers. There's always somebody smarter than you...

4:12 am on Mar 10, 2006 (gmt 0)

Preferred Member

joined:July 8, 2002
posts:584
votes: 0


I suppose this is a good argument for periodically closing all your accounts and opening new ones. That would be smart. If you made a routine of it you could cope fairly well.

Actually collecting new credit cards is easy, they're constantly pushing them. Maybe throw away accounts is the way to go, just close out accounts when you get a new card.

11:14 am on Mar 10, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 21, 2005
posts:2259
votes: 0


I suppose this is a good argument for periodically closing all your accounts and opening new ones.

That's eminently sound advice!

2:26 am on Mar 12, 2006 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14624
votes: 88


Actually, the best advice I can give is that if you have multiple cards just use ONE for online purchases only, preferably the one with the lowest credit line, then you can easily tell when you're being abused and you don't have to worry about cancelling all your cards.

Another trick you can play is get a Visa/MC debit card for a stand alone bank account and only transfer funds to that account to cover actual purchases. If you suddenly get nailed there's no money there to take and the damage is very limited.