Hello fellow WHTers!
An insecure event can instill peace.
I don't have a problem admitting that the events on WebHostingTalk.com over the past few weeks have been hard on me, emotionally and physically. But I see so much good that's come out of it, it's easy to focus on that.
We (the WHT community) have had a hard lesson in backups, PCI compliance, and security in general. To me, the fact that WebHostingTalk.com was affected is secondary to the extraordinary message that was sent. "We need to remain vigilant to remain free." I am confident that WebHostingTalk.com is secure.
In our continuing pursuit of disseminating information, I'm going to include iNET Interactive's President and CEO, Troy Augustine's post to the community made on April 9, 2009.
=======================================================
Status of credit card data breach
While Dennis has been keeping all of you up-to-date, there has been a team of seven iNET staff members working on the issue to try to minimize the impact to you, our valued members and advertisers. Here's a quick overview of what's going on behind the scenes. Keep in mind that this is a fluid situation. I am sharing the facts as I know them right now.
Once we became aware that credit card data had been breached, we have been following Visa's guidelines for addressing data breaches. Servers were shut down to preserve evidence, and we assessed the number of credit cards impacted by the data breach. Our merchant bank was notified. The credit card brands (Visa, Mastercard, etc) were notified. Further, we have taken proactive steps to directly notify those individuals impacted or potentially impacted.
As previously described, we believe the scope of the breach is a billing system accessed externally at http://my.inetinteractive.com/. The system was built in the 2004 timeframe, and it was in the process of being phased out. At one point, it processed all transactions associated with WHT. In 2006, premium memberships were transitioned to a new system. In late 2007, display advertising was transitioned to a new system. The only remaining functionality was the payment processing of self-service sticky post purchases. As already reported, 318 active credit cards were compromised. The database server in which this data was contained also stored about 7,300 additional credit card numbers. While we don't have any evidence that this data was compromised, we are proactively notifying those card holders that the possibility exists.
In order to prevent this situation from happening again, we have removed credit card storage and processing from my.iNETinteractive.com. Future self-service sticky post purchases will be processed via Paypal. Any stored credit card data has been deleted.
We are working with our merchant bank to hire a PCI-certified outside consultant to complete forensic analysis of the incident as well as a PCI compliance audit. We will be implementing any recommendations that come out of the audit.
Dennis is part of our daily status meetings. He has the full support of the iNET team, and he will continue to keep you up-to-date and answer questions we are able to answer.
Once again, we sincerely regret the compromise of your data. We are working hard to minimize the impact to you, and we are working hard to ensure any weaknesses in our systems are addressed.
=======================================================
You can always get the latest in news and happenings by visiting our Forum Announcements, Feedback, and Questions forum.
Don't forget to follow us on Twitter @WebHostingTalk for fast breaking updates.
What has happened is bad. What has been learned is priceless.
I wasn't going to mention Lovey Dovey (the bird), but some people have asked. And there are some parallels. It's been 5 weeks since the dove flew into our window. She likely could have been gone by now, but through our caring for her, she lost some tail feathers. We think her broken wing has healed. But her tail feathers still have a few weeks to go before they're ready. The point is, we assumed responsibility for her care when she was first knocked out. While cleaning her cage she escaped in our basement. When we got her back into the cage we noticed she'd lost her tail feathers in the incident. So we implemented a more secure system for when we're cage cleaning. It doesn't matter so much that we may have impeded her recovery. What matters is that we're diligent in seeing her recovery through. A mistake happened. We learned how to make her environment better. We move on. I'll surely update you when she flies away!
Thanks for listening. And, see you on the forums!
Dennis Johnson (aka SoftWareRevue)
iNET Community Coordinator
Got suggestions? Send me an e-mail: suggestions@webhostingtalk.com