Date: Thu, 11 Oct 2001 07:57:40 -0500
From: Simon Gales <simongales@home.com>
To: bugtraq@securityfocus.com
Subject: INCIDENT: WebCertificate.com hacked
Cc: aleph1@securityfocus.com
I received the following email this morning (appropriately cleansed):
>> Dear Simon Gales
>>
>> I hate to inform you that your account
>> has been hacked on webcertificate.com and
>> ecount.com. These sites have very weak
>> security protection system and the database
>> with credit cards and other personal information
>> is not protected at all. Your personal details:
>>
>> 123 Spartacus lane
>> Cary IL 23456 US
>>
>> Your credit card information:
>>
>> 1111111111111111
>> expiration time: 10/11/12 1:23:45 PM
>>
>> We offered them our help many times. But top
>> management of webcertificate.com and ecount.com
>> don't care about their customers - you. They
>> care only about their money.
>>
>> zilterio
>> www.zilterio.com
>>
I've notified privacy@webcertificate.com and VISA, and am awaiting their
response.
Since they've apparently already been informed (albeit in a questionable
manner) and customer information already disclosed, I felt it appropriate to
forward this on to BugTraq.
Related: http://www.ecommercetimes.com/perl/story/13147.html
Administrivia - the FAQ link sent in the WELCOME email after subscribing to
BugTraq is incorrect (http://www.securityfocus.com/forums/bugtraq/faq.html)
and yields a 404 error. Also, the address for submitting email to the
BugTraq mailing list could be made a little clearer in that Welcome email.
-Simon
