http://www.msnbc.com/news/553615.asp

Web host's customer database stolen
Hacker claims theft of 46,000 ADDR.com client records

By Bob Sullivan
MSNBC

April 2 - A computer criminal claims to have stolen personal information on 46,000 customers from Web hosting company ADDR.com. The data includes account names and passwords that could be used to alter Web site content, as well as credit card information. Several victims of the heist report finding thousands of dollars in fraudulent charges on the credit cards in recent weeks. ADDR.com has so far not commented on the alleged heist.

[snip]

That is a prime example why I will never, never ever, never never ever, ever never oops.... sorry.

Anyways, this is why I would never store a customers personal information on a computer accessible to the world.

Warm regards and deepest sympathy for ADDR clients :)

Mike

Originally posted by Rehan
http://www.msnbc.com/news/553615.asp

Web host's customer database stolen
Hacker claims theft of 46,000 ADDR.com client records

...

[snip]

46,000 clients? WOW

hehe, yup.... lets see... 46,000 clients... maybe 1/4 gets their card used for an un-authorized sale... dang, that's a heck of a lot of charge backs :D

Addr.com sucks, this has been a problem for quite a LONG time actually. And that exact problem has existed for this duration of that "long time". This poor security and problems with the design of their network and systems linked together with NFS mounted drives on top of that and much more, has been around for a while, and storing this information mentioned on top of that, it was only a matter of time until a criminal got a hold of those files.

Well that sucks....

He might post all the info on a website that would be worse.

Originally posted by mrfunnyman
He might post all the info on a website that would be worse.

He could post it on a website hosted by addr.com which would be even worse.

April 2 - A computer criminal claims to have stolen personal information on 46,000 customers from Web hosting company ADDR.com. The data includes account names and passwords that could be used to alter Web site content, as well as credit card information. Several victims of the heist report finding thousands of dollars in fraudulent charges on the credit cards in recent weeks. ADDR.com has so far not commented on the alleged heist.


Figures.

The same thing happened to creditcards.com a little while ago and that really messed them up. The hacker posted all the credit card numbers on a web site and demanded money. I feel sorry for the people with those CC numbers! Anyway, creditcards.com recently changed their name to ipayment.com or something. They really suck.

This could happen to any company that stores credit card details on PCs connected to the net, but could it have been prevented if the credit card info was encrypted? and how can they be encrypted?

I heard VISA is gradually demanding that card databases be encrypted.

I was thinking about going with BillAdmin, but I'm concerned if the they too are open to hacks? Any thought would be great1
Sean

Originally posted by jonglenn
This could happen to any company that stores credit card details on PCs connected to the net, but could it have been prevented if the credit card info was encrypted? and how can they be encrypted?

I heard VISA is gradually demanding that card databases be encrypted.

Addr.com stored this information, which was the problem. The fact it wasn't encrypted added a lot of that problem, surely. They had no business doing such, especially with full CC numbers and addresses, etc. They have no business knowing someone's full CC number, or rather, no business being able to access it or storing it in such a fashion.
Further, their horribly insecure servers made it not only possible, but likely a criminal would obtain this file and use it for ill intended purposes, eventually. Believe me, if you're on Addr.com, you don't even *want* to know, and just move off of them!

On a somewhat unrelated note, I've noticed that Addr.com has the top spot on Goto.com for "web hosting"--at an amazing $5.01 per click! I don't know what the click-through ratio on Goto is for the #1 web hosting position, but my guess is that must be costing them thousands--if not tens of thousands--per day.