Was the address table compromised?
Artashes 04-12-2009, 06:33 PM I looked through God knows how many pages of threads and I could not find the information. Could Troy, SWR, whoever knows tell us if the address table (attached to CC billing info on file) was accessed by the hacker as well?
SC-Daniel 04-12-2009, 06:43 PM I looked through God knows how many pages of threads and I could not find the information. Could Troy, SWR, whoever knows tell us if the address table (attached to CC billing info on file) was accessed by the hacker as well?
I wouldn't doubt it... In fact, I see no reason how it could *not* have been compromised seeing how everything else was.
Artashes 04-12-2009, 06:55 PM I am asking because one user mentioned that if the hacker does not have the address, then the fraud order process is harder to pull off (if the delivery address does not match the billing one on file). But then there were already reports of fraud charges... and that makes me wonder the above.
SoftWareRevue 04-12-2009, 06:58 PM I think you have to assume that everything was accessed until we have proof to the contrary.
tickedon 04-12-2009, 07:09 PM I think you have to assume that everything was accessed until we have proof to the contrary.
Could you provide a list of the data that was potentially compromised? i.e. the fields held in the tables.
Artashes 04-12-2009, 08:07 PM I think you have to assume that everything was accessed until we have proof to the contrary.
Could you provide a list of the data that was potentially compromised? i.e. the fields held in the tables.
^ what he said. I think it might turn out very useful for many members and actions they will take to prevent potential trouble. Unless of course we'll wait until the hacker posts some more information about what else he has.
SoftWareRevue 04-12-2009, 08:38 PM I'll see what I can find out. But I think most, if not all, of it was covered in the other thread.
tickedon 04-12-2009, 09:25 PM I'll see what I can find out. But I think most, if not all, of it was covered in the other thread.
While the information in the CC table was widely covered, I've not seen a list of the "other" information (i.e. info held in other tables).
A list of that would be much appreciated.
SoftWareRevue 04-12-2009, 10:22 PM While the information in the CC table was widely covered, I've not seen a list of the "other" information (i.e. info held in other tables).
A list of that would be much appreciated.
What could there possibly be? Names? Addresses? Credit Card numbers? What could there possibly be beyond what's been noted in the other thread that tables contained? Did you submit a Social Security number or something? I'm just trying to figure out what anyone could be fishing for because I can't think of anything useful that could be held in any table.
Wayne-R 04-13-2009, 09:09 AM I'll see what I can find out. But I think most, if not all, of it was covered in the other thread.
A link to "the other thread" would be ideal. All I've read is the thread which states that credit card numbers, CVV and full names were compromised. Was it confirmed if full billing addresses are stored also?
Jeremy Johnstone 04-13-2009, 02:08 PM In the same DB as the creditcard table which was exposed by the hacker, there were also tables for:
address table - includes full billing address at least
customer info table - email addresses, phone numbers, and point of contacts
orders table - would include probably almost every sale iNET processed between late 2003 and when they stopped using it (I've heard on the forums I thought, 2006/2007). In all honesty, this table is probably more valuable in the wrong hands than a table full of mostly expired CC #s.
charges table - would include the date, amount, and authorization # of every charge which went through my.inet (wouldn't necessarily match to the orders table as orders could be paid via other means)
sessions table - would include the date and IP of every login into the system
I apologize I can't be more specific, it's been a long time, so some of that above may be wrong or in different tables than I remembered. ;)
There's also the possibility the code / schema was changed, but based on the fact the creditcard table didn't change (which per PCI DSS should have changed in 2006) I somehow doubt it.
SoftWareRevue 04-13-2009, 02:44 PM Thanks, Jeremy. That seems to go along with what was posted (http://www.webhostingtalk.com/showthread.php?p=6118218&#post6118218) in the other thread (http://www.webhostingtalk.com/showthread.php?t=852943).
Iwannasite 04-14-2009, 05:35 PM These questions are unnecessary. As people have found out with this incident, once your box(es) have been rooted, you have to assume that everything was compromised. Any data you ever sent to WHT could possibly be in the wild. Hope for the best, but assume the worst and prepare for it.