Results 1 to 14 of 14
  1. #1
    Join Date
    Apr 2003
    Location
    San Jose, CA.
    Posts
    1,622

    Network Solutions Suffers Massive Data Breach

    From Slashdot:
    "Network Solutions, the domain registration and hosting service company, suffered a massive security breach that lasted three months and exposed tens of thousands of credit card numbers of its customers and of the businesses that use its hosting and online payment processing service. The company is just beginning the victim notification process. 'There is no information on how the code was planted on the sites. While examination of the code shows that it had the ability to ship data off to a third party, and Network Solutions believes that it did just that, the exact code is not available for public review. There is also no public information as to where the data believed to be stolen was sent.'"
    http://it.slashdot.org/story/09/07/2...ve-Data-Breach

  2. #2
    Join Date
    Feb 2008
    Location
    Houston, Texas, USA
    Posts
    2,955
    Nice! Exactly the news I want to hear on a Saturday morning!
    UNIXy - Fully Managed Servers and Clusters - Established in 2006
    [ cPanel Varnish Nginx Plugin ] - Enhance LiteSpeed and Apache Performance
    www.unixy.net - Los Angeles | Houston | Atlanta | Rotterdam
    Love to help pro bono (time permitting). joe > unixy.net

  3. #3
    Join Date
    Mar 2009
    Location
    Toronto, Canada
    Posts
    2,570
    So they didn't discover the security breach until 3 months later?

  4. #4
    And this happening to Network Solutions!
    574k credit card details - unbelievable!

    Not only did they find this only after 3 months, they've taken almost 2 months to report this.
    phpBB3 Forum Hosting by HostingDelivered

  5. #5
    Join Date
    Mar 2009
    Location
    Santa Monica, CA
    Posts
    3,372
    Sounds like an inside job

  6. #6
    Join Date
    Jul 2003
    Location
    NC
    Posts
    270
    More good reasons to use:
    * paypal
    * throw-away credit card numbers
    * prepaid credit cards (walmart moneycard)

    These things happen ALL THE TIME ... yet are rarely reported/publicized.
    Last edited by TowerOfPower; 07-28-2009 at 11:46 AM.

  7. #7
    Join Date
    Aug 2006
    Location
    Ashburn VA, San Diego CA
    Posts
    4,571
    Let the fraud orders start flowing...
    Fast Serv Networks, LLC | AS29889 | Fully Managed Cloud, Streaming, Dedicated Servers, Colo by-the-U
    Since 2003 - Ashburn VA + San Diego CA Datacenters

  8. #8
    Join Date
    Aug 2007
    Location
    Providence, UT
    Posts
    897
    What I want to know is how they know it lasted 3 months, and how could it last 3 months? Was nobody paying attention; or nothing suspicious for 3 months... ?

    K
    Kody R.
    Sr. Operations Analyst
    100TB.com -> Awesome dedicated servers. 20 locations & lots of bandwidth
    VPS.NET -> Cloud Hosting. 18 Locations. Check out our website!

  9. #9
    Join Date
    Mar 2007
    Location
    United Kingdom
    Posts
    181
    Quote Originally Posted by TowerOfPower View Post
    More good reasons to use:
    * paypal
    Someone needs to explain to me exactly why/how PayPal is "more secure". Assuming that you have your bank account attached to it, you're basically offering an invitation to anybody who manages to compromise your account (the one you enter the full password for each time you think you're on their website - make it easy for keyloggers and the large number of phishing attacks!).

    Yes, you will probably get the money back, but it can take months. With decent credit cards fraud issues are dealt with quickly and you will (in most cases) not have to pay out anything against that fraudulent balance.
    UK, Chicago, & Singapore Fully Managed Cloud VPS
    UK & Arizona Jelastic Java, PHP & Ruby PaaS

    Comprehensive SLAs, backups, full SSD, rebootless kernel updates.
    Experienced managed hosting provider since 2001. True 24x7 Support & Server Management

  10. #10
    Join Date
    Oct 2005
    Location
    UK
    Posts
    552
    Quote Originally Posted by Layershift Damien View Post
    (the one you enter the full password for each time you think you're on their website - make it easy for keyloggers and the large number of phishing attacks!).
    Some people use two-factor authentication to mitigate these kind of attacks; however that really isn't the issue here.

  11. #11
    Join Date
    Mar 2007
    Location
    United Kingdom
    Posts
    181
    Quote Originally Posted by Dark Light View Post
    Some people use two-factor authentication to mitigate these kind of attacks; however that really isn't the issue here.
    Sorry I know it's slightly off-topic, but I believe relevant enough since the implication suggested in this thread is that consumers are safer with PayPal; I know that's what PayPal claim, but the reality is somewhat different.

    AFAIK PayPal doesn't support any sort of two-factor auth.? I know some banks do, but that's kind of my point (PayPal can often mean access to your bank account funds without any of the safeguards your bank deploys); I'm personally aware of a number of people who have had money extracted from their bank accounts this way and it has taken months to recover it.

    Yes the Network Solutions data breach is a big deal, but at least for the average consumer their credit cards should provide a good level of protection against fraudulent use. Assuming that they'd used PayPal they could suffer a similar loss and be genuinely out of pocket for at least a few months whilst the matter is resolved - that could be a huge problem if you can't pay your bills in the meantime!
    UK, Chicago, & Singapore Fully Managed Cloud VPS
    UK & Arizona Jelastic Java, PHP & Ruby PaaS

    Comprehensive SLAs, backups, full SSD, rebootless kernel updates.
    Experienced managed hosting provider since 2001. True 24x7 Support & Server Management

  12. #12
    Join Date
    Oct 2005
    Location
    UK
    Posts
    552
    Verisign VIP is supported on the PayPal website, which requires that you enter a code from your authenticated VIP device before being allowed into your account, after you have successfully entered your password.

    I agree that credit cards are easier to get your money back on; however for those folks who used a debit card at the company, then they will have a very different experience getting their money back.

    If PayPal's servers were hacked, it would be no different to any other company getting their servers hacked; however there would be a hell of a lot more confidential data and a lot more in it for the hacker. PayPal's primary function is to process transactions, if they lose customer data then they're out of business; so they try to ensure they don't. NetworkSolution's job is to sell stuff, and payment processing is just a part of that - they can continue to operate even if they leak credit card information whereas PayPal would have a harder time and so they spend much more on their security than NetSol does.

    In regards to having your account hacked at PayPal, yes that is a real possibility. That's why, having made the change to two-factor authentication, I would never go back. We're trying to ensure that all our systems are changed to two-factor whereever appropriate but it's not always possible.

    If you lose your PayPal balance, then you're pretty much out of luck whatever happens. If you're card is charged, then the banks can reverse it like any other transaction. I am not entirely sure about bank transfers; though I know there is a small window to reverse a transfer if it is fraudulent.

  13. #13
    Visa/MC should start holding the companies who leak this data more responsible for fraudulent charges, instead of just billing the entire thing back to the merchant.

    For paypal, I believe you can get a free VIP device that's branded with paypal if you have a business account. I've been using mine for some time, the only downside is occasionally misplacing it .

  14. #14
    Quote Originally Posted by k-v-n86 View Post
    Visa/MC should start holding the companies who leak this data more responsible for fraudulent charges, instead of just billing the entire thing back to the merchant.
    I suggest reading about PCI compliance. There are rather large expenses involved for companies who loose cardholder data that far exceed the cost of protecting it. They are in the range of $500k per card brand and can be much higher. It costs the company 20-40 per card lost to cover the re-issue of cards plus credit monitoring for the users. So in this case, it will most likely cost Network Solutions several million $$ in fines.
    ZZ Servers - Business Hosting, HIPAA and PCI Compliant Hosting Solutions - http://www.zzservers.com
    Xen Virtual Private Servers | Dedicated Servers | Shared Hosting
    Custom configurations, firewall, VPN, load balancers, private networks and more.

Similar Threads

  1. Status of credit card data breach
    By Troy Augustine in forum WHT Announcements, Feedback and Questions
    Replies: 0
    Last Post: 04-09-2009, 11:59 PM
  2. OffShore Hosting Solutions | EU Data Center | High Quality Network
    By NetWatcher in forum Shared Hosting Offers
    Replies: 0
    Last Post: 07-26-2008, 04:00 PM
  3. EasySpeedy.com - Massive Lag - Network Unstable
    By Clanwarz in forum Dedicated Server
    Replies: 10
    Last Post: 09-26-2006, 11:31 AM
  4. Massive Site/network Sale!
    By Amish_Geek in forum Other Offers & Requests
    Replies: 7
    Last Post: 03-13-2005, 09:05 PM
  5. Advertise on Massive Network
    By mdurrant in forum Other Offers & Requests
    Replies: 2
    Last Post: 08-30-2003, 12:07 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •