
View Full Version : ADDR.com got hacked and don't even let their customers know about it
Bubble 04-07-2001, 10:58 PM
I don't know if all of you know about this yet; I just found this out today. I am one of their customers. Here is the news about it.
http://www.msnbc.com/news/553615.asp
So disappointed in their service.
I just read the article on msnbc and that's really bad. If credit card numbers were stolen, they should have alerted everyone the second they knew about it. Bad business call for ADDR.
Jim
akashik 04-08-2001, 06:14 AM
hehe
As I mentioned on webhostdir I used to be a customer of those clowns for a whole 4 days before the lack of a single reply to my questions (easy ones) went unanswered.
I read that report, and almost laughed my skull off when it was reported that...
"the company had not been able to respond to a request for comment"
... true to form considering the general way they do business. Sooner they're in dev/null the better..
Greg Moore
What's even worse is that they spend thousands a month on host directories to receive more customers, and by the looks of it, they are overrun by support requests.
Also, if you look in the January 2001 issue of the Web Hosting Magazine and turn to page 90. The 93rd highest rate is ADDR. Take a look at what WHM said about them:
"go their business running so smoothly that the senior management can take off at will to chill out in Hawaii!"
Yeah, business running so smoothly cause they never respond to customer requests!
Jim
Fiber 04-08-2001, 11:57 AM
I too cracked up laughing when I read that article...
Bubble 04-08-2001, 05:41 PM
Guess what, finally, they replied to my email. Here is the email from them.
Hello,
As for the violation of our database, our company is investigating this situation very closely. Our President has contacted MSNBC to let them know that they did not report an entirely accurate account of what happened.
I want to reassure you that security is always our number one priority and we are taking all possible measures to deal with the situation at hand. According to the results of our investigation, the only detail that could have been compromised, is an old back-up of the customer database which is over a few months old. Further, only a section of that back-up could have been accessed according to our logs. We are currently working closely with FBI in trying to establish the nature of this allegation. At the same time, our specialists are reviewing our entire system structure with intent to identify any additional areas where we can increase the level of security. We are also working directly with VISA and Master Card to pro-actively address all potential fraudulent credit card activity.
Just to let you know, Addr.com has been in business for over 4 years now and we have never had any security related problems in the past. We've had an exceptionally wonderful track record. All of our systems are always up to date, and our security specialists are constantly on the look out for new patches/potential exploits, to insure that we are always running stable and secure platforms for our customers. All of our in-house tools have also been designed and implemented with heavy security in mind. Addr.com is dedicated to providing the highest quality of service possible--your satisfaction is our main goal and we are working hard on making this happen. Please let us know if there is anything we can do for you, or if there are any other questions we can answer. If you prefer, a technical support representative or the supervising manager can give you a call at your convenience to provide you with any other information. If you have any other questions, feel free to contact us anytime. Thank you!
Best Regards,
Richard Hutson
support@addr.com
Addr.com Support
http://www.addr.com
1-888-571-5660
And finally, they publish their 888 #. Before, I had to call long distance to CO and never got through to them.
gnorthey 04-08-2001, 10:53 PM
What's this "exceptionally wonderful track record?"
According to MSNBC who researched addr.com from the BBB sites, they sound pretty bad to me and have an exceptionally poor track record.
I don't know much about ADDR, but I know they aren't really highly recommended. Also, it's evident if you look at the fact that most of their customers are 'newbies' coming from host directories where ADDR gives LOADS of money. Kinda like...*****s...grrrrr.
Jim
Tim Greer 04-08-2001, 11:47 PM
Hmmm...
I actually emailed them the other night after hearing about this and asked for a response, so I could offer my assistance in telling them what security problems they have on their systems and how to fix them. Of course, I never got a response. I know of these problems, as I had a client with a few accounts on them, and I tell you, there were too many security problems to list.
The way their systems are set up, how they use network disk mounting to mount all their systems, whereas you root one, you root them all. Worse, you'd probably not have to root any system or find any exploit to gather this information that cracker got. I'd bet you anything, that cracker didn't use any exploit or even get root access. In fact, I BET that this database was stored in some area of one or more of their servers and didn't even deny non-root users to view it, etc. I've posted, in a little more detail, but briefly, about addr.com in another thread here... So I won't try and cover all the aspects, but they have always been insecure.
Hmmm, let's see:
"As for the violation of our database, our company is investigating this situation very closely. Our President has contacted MSNBC to let them know that they did not report an entirely accurate account of what happened."
What did MSNBC report inaccurately? They said a database with CC numbers and usernames and passwords was taken, people had fraudulent charges on their cards, etc. What was not entirely accurate? Did that not happen? If not, who contacted MSNBC about it and verified people's information?
"I want to reassure you that security is always our number one priority"
Always, huh? Hmmm, I don't think so. If that was the case, why did they have an old database on their server, just to mention one thing, and in regards to this specific issue even?
"and we are taking all possible measures to deal with the situation at hand."
I'd assume so, at least in that regard.
"According to the results of our investigation, the only detail that could have been compromised, is an old back-up of the customer database which is over a few months old."
...and, that was stored on the server, for what reason? Are people's cards just not worth anything after a few months now? How is that meaning there's less of a problem?
"Further, only a section of that back-up could have been accessed according to our logs. We are currently working closely with FBI in trying to establish the nature of this allegation."
Funny how everyone's always working so "closely" with the FBI. Are there that many federal officers available for Internet issues now?
"At the same time, our specialists are reviewing our entire system structure with intent to identify any additional areas where we can increase the level of security."
They mean, they might plan to actually do something.
"We are also working directly with VISA and Master Card to pro-actively address all potential fraudulent credit card activity."
They won't bother to contact the people themselves.
"Just to let you know, Addr.com has been in business for over 4 years now"
and is finally talking about taking steps to secure the system, even though they state it is secure now, and admit to having a database that's a few months old with how many thousands of CC's and passwords?
"and we have never had any security related problems in the past."
That they KNOW OF, which doesn't help. And, that's not true, unless no one has ever bothered to try anything on their system, which already had signs of people screwing around over a year ago.
"We've had an exceptionally wonderful track record."
They're not going to say they suck.
"All of our systems are always up to date, and our security specialists are constantly on the look out for new patches/potential exploits,"
Security specialists? People that don't know how to implement some sort of policy to at least not store so much CC data on their system for anyone to grab. They are worried about remote exploits, but not to prevent exploits from users on the system. Always up to date? I won't even go there.
"to insure that we are always running stable and secure platforms for our customers."
Stable and secure? Need I go there?
"All of our in-house tools have also been designed and implemented with heavy security in mind."
Uh....
"Addr.com is dedicated to providing the highest quality of service possible"
Hmmm...
"--your satisfaction is our main goal and we are working hard on making this happen. Please let us know if there is anything we can do for you, or if there are any other questions we can answer."
How about truthful, honest and insightful and reassuring answers, to start? Blah, they are annoying... At least they can admit they didn't have good security before and will not, finally change that. But, their claims now, show that they likely have little interest or intentions to change that, if they are not admitting things need to change. All he basically said, was that they will continue to do what they've been doing, which is nothing. Oh, but they probably won't store CC info on the servers at least... I guess that's better than nothing.
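The exposure discussed in the last post (a customer database backup left on a shared server where non-root accounts could read it) is something a host's own administrators can audit for. This is an added example, not part of the original thread and not addr.com's tooling; the filename patterns and function names are assumptions.

```shell
#!/bin/sh
# Added example: list database backups that any local (non-root) account can read.
# Filename patterns and function names are assumptions, not from the thread.

# True when every directory from the file's parent up to the scan root grants
# search (x) permission to "other", i.e. any local user can walk to the file.
# Directories above the scan root are not checked.
reachable_by_other() {
    d=$(dirname "$1")
    while :; do
        # -prune keeps find on the directory itself; it prints only if o+x is set
        [ -n "$(find "$d" -prune -perm -0001)" ] || return 1
        if [ "$d" = "$2" ] || [ "$d" = "/" ] || [ "$d" = "." ]; then
            return 0
        fi
        d=$(dirname "$d")
    done
}

# find_exposed_backups ROOT
# Prints each backup-like file under ROOT that is world-readable AND reachable.
find_exposed_backups() {
    root=${1%/}
    [ -n "$root" ] || root=/
    find "$root" -type f \
        \( -name '*.sql' -o -name '*.sql.gz' -o -name '*.dump' -o -name '*.bak' \) \
        -perm -0004 -print 2>/dev/null |
    while IFS= read -r f; do
        if reachable_by_other "$f" "$root"; then
            printf '%s\n' "$f"
        fi
    done
}

# Stand-alone use: sh audit.sh /path/to/scan
if [ "$#" -gt 0 ]; then
    find_exposed_backups "$1"
fi
```

On hosts that share one network-mounted filesystem, as described in the post, a hit on one machine is readable from every machine that mounts it.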