Results 1 to 25 of 495
-
04-08-2009, 04:13 AM #1Dennis Johnson
- Join Date
- Jun 2001
- Location
- Kalamazoo
- Posts
- 33,412
The events of Tuesday, April 7 2009
This is copy of what was posted on inetstatus.com when we were off line.
ANNOUNCEMENT - 1:25pm est 04/07/09
This morning, the hacker who attacked WHT initiated further communication. He provided evidence that credit card information on one of our database servers was, in fact, compromised during that attack.
What data was compromised?
At this point, we know that the hacker compromised and has publicly posted credit card information from our self-service billing system currently used for sticky posts (located at http://myinet.inetinteractive.com). This system was also used for display (banner) advertising in prior to December 2007.
What about premium and corporate members? Or display advertisers?
If you've purchased a premium or corporate membership or you are a display (banner ad) advertiser from December 2007 or later, your data is safe. These products run on a newer billing platform that does not store credit card information.
What is WHT and iNET Interactive doing about it?
If we have evidence or suspicion that your credit card information was leaked, you will be receiving further communication from WHT and iNET Interactive.
Why is WHT down and when do we expect it to be back up?
We're currently doing a full security sweep of our cluster to ensure the servers are secure. The site will be back up once this security review is complete.
UPDATE: 4:24pm est 04/07/09
We have contacted all major credit card companies and are awaiting their guidance. It should be noted that card holders will not be held liable for any fraudulent purchase made using their credit card.
UPDATE: 4:34pm est 04/07/09
It has been brought to our attention that any WHT Premium memberships purchased PRIOR to 2006 would be included in the exploited credit card details.
UPDATE: 7:14pm est 04/07/09
From what we know now, there were more records on the database server where the credit card dump was taken. If research shows that a larger number of customer's data was compromised, we will contact those individuals directly.There is no best host. There is only the host that's best for you.0
-
04-08-2009, 04:15 AM #2Web Hosting Master
- Join Date
- Jun 2006
- Location
- United Kingdom
- Posts
- 1,776
It's nice to be back
I'm glad I paid by paypal for my premium membership.-- Adam0
-
04-08-2009, 04:17 AM #3Dennis Johnson
- Join Date
- Jun 2001
- Location
- Kalamazoo
- Posts
- 33,412
0
-
04-08-2009, 04:17 AM #4Web Hosting Master
- Join Date
- Sep 2006
- Location
- Cardiff - United Kingdom
- Posts
- 1,569
Hope you catch the individual; did his method of communication give you any ideas as to his whereabouts?
Luckily I paid for advertising via PayPal.
Are you going to still store CC details in the future? Or let a payment processor handle this sort of thing in the future?
Sounds a plan0
-
04-08-2009, 04:29 AM #5Disabled
- Join Date
- Oct 2005
- Location
- Six Degrees From You
- Posts
- 1,079
I want to know why iNet are storing credit card numbers, let alone in the clear.
<snip> Isn't that punishable by a custodial sentence?Last edited by SoftWareRevue; 04-08-2009 at 04:31 AM. Reason: DELETED POST REMOVED
0
-
04-08-2009, 04:38 AM #6WHT Addict
- Join Date
- Apr 2008
- Location
- Somerset, UK
- Posts
- 103
Good job I havn't bought anything off here then
Will you be using a new payment method from now on? That doesn't store member credit card details?0
-
04-08-2009, 04:42 AM #7Web Hosting Evangelist
- Join Date
- Apr 2005
- Posts
- 537
i believe if you read the announcement it mentionsd a new payemnt system implemented fron 2007 that does not have this issue, it is just uses from 2006 and previous that have potentional issues
0
-
04-08-2009, 04:42 AM #8Web Hosting Evangelist
- Join Date
- Feb 2008
- Location
- United Kingdom
- Posts
- 503
SharedGrid | Fast, secure, and reliable UK web, reseller and VPS Hosting
Litespeed, Redis Cache, NVMe Drives, Daily Backups, 24x7 Support, Wordpress Optimised.0
-
04-08-2009, 04:46 AM #9Web Hosting Master
- Join Date
- Jan 2004
- Location
- Oztrayla Mate!
- Posts
- 583
0
-
04-08-2009, 04:49 AM #10Disabled
- Join Date
- Oct 2005
- Location
- Six Degrees From You
- Posts
- 1,079
But didn't Dennis originally say that "Absolutely no credit card or PayPal data was exposed."?
Here we are some 3 weeks later finding out that credit card details were exposed. After todays announcement that credit/debit card details were exposed how can we possibly believe that they no longer store card details?0
-
04-08-2009, 04:52 AM #11Dennis Johnson
- Join Date
- Jun 2001
- Location
- Kalamazoo
- Posts
- 33,412
Right. How can you believe anything. When we first stated that no credit card or paypal information was compromised, it was what we knew at the time. Now we know different.
We've been upfront with information. We certainly wouldn't want to hide anything. But if you don't know, you don't know.There is no best host. There is only the host that's best for you.0
-
04-08-2009, 04:54 AM #12Dennis Johnson
- Join Date
- Jun 2001
- Location
- Kalamazoo
- Posts
- 33,412
After looking at my punctuation in the post I made above, I'm more convinced than ever I need to lay down a bit. See ya'll in a few hours!.
There is no best host. There is only the host that's best for you.0
-
04-08-2009, 04:59 AM #13Web Hosting Master
- Join Date
- Jan 2004
- Location
- Oztrayla Mate!
- Posts
- 583
0
-
04-08-2009, 05:02 AM #14Disabled
- Join Date
- Oct 2005
- Location
- Six Degrees From You
- Posts
- 1,079
Dennis,
Can you confirm that the developers were 100% convinced that no critical data was exposed? Even if the devs were only 99% sure that critical data was exposed then the line of "Absolutely no data was exposed" can be seen to be a lie.
I know you are not one of the developers, and please do not think I was attacking you personally Dennis.0
-
04-08-2009, 05:02 AM #15Junior Guru
- Join Date
- Aug 2004
- Posts
- 242
I hope you and the local authorities work hand in hand to catch the criminal, be he in a democratic country or deep in the countryside of a rogue country, you need to catch him and to stone him!
0
-
04-08-2009, 05:13 AM #16Web Hosting Master
- Join Date
- Oct 2007
- Location
- United States
- Posts
- 1,182
You guys said "my.inetinteractive.com" wasn't affected in another post. How can you say such things if it's all stored on the same servers? Why are all the credit cards stored in plain text and not in a hash format? How can I remove MY personal information from that, and from "find a host" website that is linked to this place?
I liked the service but right now it's to risky to have my data on your servers until proven otherwise. The hacker may attempt another attack just to prove that everything isn't secure yet, and I don't want my information floating around.
I'm not posting this reply out of disrespect, as i'm sure all host's here have a small sense of dependancy on the well being of WHT. But I'm kind of worried about the security measures and reliability of WHT right now. I'm sure you all spent the last 48 hours tightening security, but that hacker may want to try and prove otherwise one more time.www.opticip.com - Optic IP LLC
0
-
04-08-2009, 05:16 AM #17Web Hosting Master
- Join Date
- Sep 2006
- Location
- Cardiff - United Kingdom
- Posts
- 1,569
0
-
04-08-2009, 05:20 AM #18Junior Guru
- Join Date
- Aug 2004
- Posts
- 242
0
-
04-08-2009, 05:22 AM #19Disabled
- Join Date
- Oct 2005
- Location
- Six Degrees From You
- Posts
- 1,079
Are you seriously saying that the hacker could not have been looking for credit card details? A fact that we now know to be true.
Why would he be joking? Trying to help iNet up after they have droped the ball is quite admirable.
Perhaps iNet should have investing in a better security system, and removed "archaic backdoors" that could have been, and were, compromised0
-
04-08-2009, 05:22 AM #20
No joking, the database table are on rapidshare and many others files hosting site for sure.
i got a copy this morning, so i post it to WHT ticket system then they shutdown the site.
So WHT Credit Card info are available for everyone download these db table and my personal information was also found in these db table, i am a bit worried.█ • UnderHost.com • Offshore Hosting Solutions and USA/Canadian based servers.
█ • 24/7 Rapid Support / 99.9% Uptime Guarantee / Shared / Cloud / VPS / Dedicated Servers
█ • Managed OnApp Cloud • USA Cloud Virtual Datacenter - Dedicated and Scalable Resources
█ • Hong Kong - Netherlands - Canada - Caribbean - United States - Russia •0
-
04-08-2009, 05:41 AM #21Web Hosting Master
- Join Date
- Jan 2004
- Location
- Oztrayla Mate!
- Posts
- 583
Unfortunately i am not, i also found another mirror which i will report now. There is a message from the hacker, the credit card database with full CC info and also forum account details and password hash.
Yes i did download it to confirm if it was real or a hoax so i could report it, i have deleted it off my system and used a program to do several data rewrites of 1's and 0's on it when deleting.
No doubt WHT will be contacting anyone effected.
Edit: I used the report button on the first post to submit the second database download.Last edited by 1boss1; 04-08-2009 at 05:45 AM.
0
-
04-08-2009, 05:42 AM #22WHT Addict
- Join Date
- Sep 2004
- Posts
- 153
Is your personal information including Credit Card information too, xmsax?
0
-
04-08-2009, 05:45 AM #23█ • UnderHost.com • Offshore Hosting Solutions and USA/Canadian based servers.
█ • 24/7 Rapid Support / 99.9% Uptime Guarantee / Shared / Cloud / VPS / Dedicated Servers
█ • Managed OnApp Cloud • USA Cloud Virtual Datacenter - Dedicated and Scalable Resources
█ • Hong Kong - Netherlands - Canada - Caribbean - United States - Russia •0
-
04-08-2009, 05:47 AM #24
This was also include in the archives from the hacker.
Anyway, hopefuly this is the last time I have to "try" get into ur ****** servers(COUGH RACKEDGE COUGH) to back the **** up, I wonder if u nigz gonna get sued over this ****. ;-) lolz
OOH before I finnish, u nigz reported the box I posted backup from the 1st time, what would you do if i posted from ur own box now ******? I got more places to post from than u got hair on ur head or mby ur bald lolz
k peace out fags and dont mess with me ;-)█ • UnderHost.com • Offshore Hosting Solutions and USA/Canadian based servers.
█ • 24/7 Rapid Support / 99.9% Uptime Guarantee / Shared / Cloud / VPS / Dedicated Servers
█ • Managed OnApp Cloud • USA Cloud Virtual Datacenter - Dedicated and Scalable Resources
█ • Hong Kong - Netherlands - Canada - Caribbean - United States - Russia •0
-
04-08-2009, 05:57 AM #25Web Hosting Master
- Join Date
- Sep 2006
- Location
- Cardiff - United Kingdom
- Posts
- 1,569
Ah sorry, I misunderstood I guess with some of the negativity in this thread I somehow (and wrongly) read your post as a 'Haha I've got the files on my computer too' sort of thing. My apologies.
No, of course he was looking for those (IMHO).
It's just that the hacker's actual post here didn't say "Plus I've got CC details", he just mentioned WHT's member's table.0