Page 1 of 20 123411 ... LastLast
Results 1 to 25 of 495
  1. #1
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412

    The events of Tuesday, April 7 2009

    This is copy of what was posted on inetstatus.com when we were off line.

    ANNOUNCEMENT - 1:25pm est 04/07/09

    This morning, the hacker who attacked WHT initiated further communication. He provided evidence that credit card information on one of our database servers was, in fact, compromised during that attack.

    What data was compromised?
    At this point, we know that the hacker compromised and has publicly posted credit card information from our self-service billing system currently used for sticky posts (located at http://myinet.inetinteractive.com). This system was also used for display (banner) advertising in prior to December 2007.

    What about premium and corporate members? Or display advertisers?
    If you've purchased a premium or corporate membership or you are a display (banner ad) advertiser from December 2007 or later, your data is safe. These products run on a newer billing platform that does not store credit card information.

    What is WHT and iNET Interactive doing about it?
    If we have evidence or suspicion that your credit card information was leaked, you will be receiving further communication from WHT and iNET Interactive.

    Why is WHT down and when do we expect it to be back up?
    We're currently doing a full security sweep of our cluster to ensure the servers are secure. The site will be back up once this security review is complete.

    UPDATE: 4:24pm est 04/07/09

    We have contacted all major credit card companies and are awaiting their guidance. It should be noted that card holders will not be held liable for any fraudulent purchase made using their credit card.

    UPDATE: 4:34pm est 04/07/09

    It has been brought to our attention that any WHT Premium memberships purchased PRIOR to 2006 would be included in the exploited credit card details.

    UPDATE: 7:14pm est 04/07/09

    From what we know now, there were more records on the database server where the credit card dump was taken. If research shows that a larger number of customer's data was compromised, we will contact those individuals directly.
    There is no best host. There is only the host that's best for you.
      0 Not allowed!

  2. #2
    Join Date
    Jun 2006
    Location
    United Kingdom
    Posts
    1,776
    It's nice to be back

    I'm glad I paid by paypal for my premium membership.
    -- Adam
      0 Not allowed!

  3. #3
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by Adam H View Post
    It's nice to be back
    Yes it is. But I think I'm going to go lay down for a few hours.
    There is no best host. There is only the host that's best for you.
      0 Not allowed!

  4. #4
    Join Date
    Sep 2006
    Location
    Cardiff - United Kingdom
    Posts
    1,569
    Hope you catch the individual; did his method of communication give you any ideas as to his whereabouts?

    Luckily I paid for advertising via PayPal.

    Are you going to still store CC details in the future? Or let a payment processor handle this sort of thing in the future?

    Quote Originally Posted by SoftWareRevue View Post
    Yes it is. But I think I'm going to go lay down for a few hours.
    Sounds a plan
      0 Not allowed!

  5. #5
    Join Date
    Oct 2005
    Location
    Six Degrees From You
    Posts
    1,079
    I want to know why iNet are storing credit card numbers, let alone in the clear.
    <snip> Isn't that punishable by a custodial sentence?
    Last edited by SoftWareRevue; 04-08-2009 at 04:31 AM. Reason: DELETED POST REMOVED
      0 Not allowed!

  6. #6
    Join Date
    Apr 2008
    Location
    Somerset, UK
    Posts
    103
    Good job I havn't bought anything off here then
    Will you be using a new payment method from now on? That doesn't store member credit card details?
      0 Not allowed!

  7. #7
    Join Date
    Apr 2005
    Posts
    537
    i believe if you read the announcement it mentionsd a new payemnt system implemented fron 2007 that does not have this issue, it is just uses from 2006 and previous that have potentional issues
      0 Not allowed!

  8. #8
    Join Date
    Feb 2008
    Location
    United Kingdom
    Posts
    503
    Quote Originally Posted by SoftWareRevue View Post
    What about premium and corporate members? Or display advertisers?
    If you've purchased a premium or corporate membership or you are a display (banner ad) advertiser from December 2007 or later, your data is safe. These products run on a newer billing platform that does not store credit card information.
    I think that explains that they do not store CC information anymore.
    SharedGrid | Fast, secure, and reliable UK web, reseller and VPS Hosting
    Litespeed, Redis Cache, NVMe Drives, Daily Backups, 24x7 Support, Wordpress Optimised.
      0 Not allowed!

  9. #9
    Join Date
    Jan 2004
    Location
    Oztrayla Mate!
    Posts
    583
    Quote Originally Posted by LH-Danny View Post
    I think that explains that they do not store CC information anymore.
    This says different:

    the hacker compromised and has publicly posted credit card information from our self-service billing system currently used for sticky posts
      0 Not allowed!

  10. #10
    Join Date
    Oct 2005
    Location
    Six Degrees From You
    Posts
    1,079
    Quote Originally Posted by LH-Danny View Post
    I think that explains that they do not store CC information anymore.
    But didn't Dennis originally say that "Absolutely no credit card or PayPal data was exposed."?

    Here we are some 3 weeks later finding out that credit card details were exposed. After todays announcement that credit/debit card details were exposed how can we possibly believe that they no longer store card details?
      0 Not allowed!

  11. #11
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by DephNet[Paul] View Post
    But didn't Dennis originally say that "Absolutely no credit card or PayPal data was exposed."?

    Here we are some 3 weeks later finding out that credit card details were exposed. After todays announcement that credit/debit card details were exposed how can we possibly believe that they no longer store card details?
    Right. How can you believe anything. When we first stated that no credit card or paypal information was compromised, it was what we knew at the time. Now we know different.

    We've been upfront with information. We certainly wouldn't want to hide anything. But if you don't know, you don't know.
    There is no best host. There is only the host that's best for you.
      0 Not allowed!

  12. #12
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    After looking at my punctuation in the post I made above, I'm more convinced than ever I need to lay down a bit. See ya'll in a few hours!.
    There is no best host. There is only the host that's best for you.
      0 Not allowed!

  13. #13
    Join Date
    Jan 2004
    Location
    Oztrayla Mate!
    Posts
    583
    Quote Originally Posted by SoftWareRevue View Post
    After looking at my punctuation in the post I made above, I'm more convinced than ever I need to lay down a bit. See ya'll in a few hours!.
    I just sent you a PM with a download to the Credit Card database.
      0 Not allowed!

  14. #14
    Join Date
    Oct 2005
    Location
    Six Degrees From You
    Posts
    1,079
    Dennis,

    Can you confirm that the developers were 100% convinced that no critical data was exposed? Even if the devs were only 99% sure that critical data was exposed then the line of "Absolutely no data was exposed" can be seen to be a lie.

    I know you are not one of the developers, and please do not think I was attacking you personally Dennis.
      0 Not allowed!

  15. #15
    Join Date
    Aug 2004
    Posts
    242
    I hope you and the local authorities work hand in hand to catch the criminal, be he in a democratic country or deep in the countryside of a rogue country, you need to catch him and to stone him!
      0 Not allowed!

  16. #16
    Join Date
    Oct 2007
    Location
    United States
    Posts
    1,182
    You guys said "my.inetinteractive.com" wasn't affected in another post. How can you say such things if it's all stored on the same servers? Why are all the credit cards stored in plain text and not in a hash format? How can I remove MY personal information from that, and from "find a host" website that is linked to this place?

    I liked the service but right now it's to risky to have my data on your servers until proven otherwise. The hacker may attempt another attack just to prove that everything isn't secure yet, and I don't want my information floating around.

    I'm not posting this reply out of disrespect, as i'm sure all host's here have a small sense of dependancy on the well being of WHT. But I'm kind of worried about the security measures and reliability of WHT right now. I'm sure you all spent the last 48 hours tightening security, but that hacker may want to try and prove otherwise one more time.
    www.opticip.com - Optic IP LLC
      0 Not allowed!

  17. #17
    Join Date
    Sep 2006
    Location
    Cardiff - United Kingdom
    Posts
    1,569
    Quote Originally Posted by DephNet[Paul] View Post
    But didn't Dennis originally say that "Absolutely no credit card or PayPal data was exposed."?

    Here we are some 3 weeks later finding out that credit card details were exposed. After todays announcement that credit/debit card details were exposed how can we possibly believe that they no longer store card details?
    The hacker's post didn't elude to this at all, and looking from the information posted there was nothing to suggest that CC details were stolen.

    Quote Originally Posted by 1boss1 View Post
    I just sent you a PM with a download to the Credit Card database.
    I assume you're joking?
      0 Not allowed!

  18. #18
    Join Date
    Aug 2004
    Posts
    242
    Quote Originally Posted by tristanperry View Post
    I assume you're joking?
    Not really. I suppose, as soon as you see a download file of the CC# on RapidShare or TPB, you need to tell WHT so they can get in touch with the site owner to remove the download file ASAP.
      0 Not allowed!

  19. #19
    Join Date
    Oct 2005
    Location
    Six Degrees From You
    Posts
    1,079
    Quote Originally Posted by tristanperry View Post
    The hacker's post didn't elude to this at all, and looking from the information posted there was nothing to suggest that CC details were stolen.
    Are you seriously saying that the hacker could not have been looking for credit card details? A fact that we now know to be true.

    Quote Originally Posted by tristanperry View Post
    I assume you're joking?
    Why would he be joking? Trying to help iNet up after they have droped the ball is quite admirable.

    Perhaps iNet should have investing in a better security system, and removed "archaic backdoors" that could have been, and were, compromised
      0 Not allowed!

  20. #20
    Join Date
    May 2008
    Location
    Canada
    Posts
    985
    Quote Originally Posted by tristanperry View Post
    The hacker's post didn't elude to this at all, and looking from the information posted there was nothing to suggest that CC details were stolen.


    I assume you're joking?

    No joking, the database table are on rapidshare and many others files hosting site for sure.

    i got a copy this morning, so i post it to WHT ticket system then they shutdown the site.

    So WHT Credit Card info are available for everyone download these db table and my personal information was also found in these db table, i am a bit worried.
    UnderHost.comOffshore Hosting Solutions and USA/Canadian based servers.
    24/7 Rapid Support / 99.9% Uptime Guarantee / Shared / Cloud / VPS / Dedicated Servers
    Managed OnApp CloudUSA Cloud Virtual Datacenter - Dedicated and Scalable Resources
    Hong Kong - Netherlands - Canada - Caribbean - United States - Russia
      0 Not allowed!

  21. #21
    Join Date
    Jan 2004
    Location
    Oztrayla Mate!
    Posts
    583
    Quote Originally Posted by tristanperry View Post
    I assume you're joking?
    Unfortunately i am not, i also found another mirror which i will report now. There is a message from the hacker, the credit card database with full CC info and also forum account details and password hash.

    Yes i did download it to confirm if it was real or a hoax so i could report it, i have deleted it off my system and used a program to do several data rewrites of 1's and 0's on it when deleting.

    No doubt WHT will be contacting anyone effected.

    Edit: I used the report button on the first post to submit the second database download.
    Last edited by 1boss1; 04-08-2009 at 05:45 AM.
      0 Not allowed!

  22. #22
    Join Date
    Sep 2004
    Posts
    153
    Is your personal information including Credit Card information too, xmsax?
      0 Not allowed!

  23. #23
    Join Date
    May 2008
    Location
    Canada
    Posts
    985
    Quote Originally Posted by gzola View Post
    Is your personal information including Credit Card information too, xmsax?
    No only, my email, users and password hash.
    UnderHost.comOffshore Hosting Solutions and USA/Canadian based servers.
    24/7 Rapid Support / 99.9% Uptime Guarantee / Shared / Cloud / VPS / Dedicated Servers
    Managed OnApp CloudUSA Cloud Virtual Datacenter - Dedicated and Scalable Resources
    Hong Kong - Netherlands - Canada - Caribbean - United States - Russia
      0 Not allowed!

  24. #24
    Join Date
    May 2008
    Location
    Canada
    Posts
    985
    This was also include in the archives from the hacker.

    Anyway, hopefuly this is the last time I have to "try" get into ur ****** servers(COUGH RACKEDGE COUGH) to back the **** up, I wonder if u nigz gonna get sued over this ****. ;-) lolz

    OOH before I finnish, u nigz reported the box I posted backup from the 1st time, what would you do if i posted from ur own box now ******? I got more places to post from than u got hair on ur head or mby ur bald lolz

    k peace out fags and dont mess with me ;-)
    Maybe WHT know now, who is?
    UnderHost.comOffshore Hosting Solutions and USA/Canadian based servers.
    24/7 Rapid Support / 99.9% Uptime Guarantee / Shared / Cloud / VPS / Dedicated Servers
    Managed OnApp CloudUSA Cloud Virtual Datacenter - Dedicated and Scalable Resources
    Hong Kong - Netherlands - Canada - Caribbean - United States - Russia
      0 Not allowed!

  25. #25
    Join Date
    Sep 2006
    Location
    Cardiff - United Kingdom
    Posts
    1,569
    Quote Originally Posted by 1boss1 View Post
    Unfortunately i am not, i also found another mirror which i will report now. There is a message from the hacker, the credit card database with full CC info and also forum account details and password hash.

    Yes i did download it to confirm if it was real or a hoax so i could report it, i have deleted it off my system and used a program to do several data rewrites of 1's and 0's on it when deleting.

    No doubt WHT will be contacting anyone effected.

    Edit: I used the report button on the first post to submit the second database download.
    Ah sorry, I misunderstood I guess with some of the negativity in this thread I somehow (and wrongly) read your post as a 'Haha I've got the files on my computer too' sort of thing. My apologies.

    Quote Originally Posted by DephNet[Paul] View Post
    Are you seriously saying that the hacker could not have been looking for credit card details? A fact that we now know to be true.
    No, of course he was looking for those (IMHO).

    It's just that the hacker's actual post here didn't say "Plus I've got CC details", he just mentioned WHT's member's table.
      0 Not allowed!

Page 1 of 20 123411 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •