Payment Central Inc. Welcomes You!
Back To Homepage
Articles About Online Fraud
Contact Information


Extortionist targets Creditcards.com

By Greg Sandoval, Special to ZDNet
December 12, 2000 2:31 PM PT - Copyright © ZDNet

A hacker called 'chad' leaves the online credit card clearing house hanging after exposing more than 55,000 credit card numbers. The FBI is investigating.

Creditcards.com was the victim of an extortion attempt by a cyberthief accused of hacking into its site and exposing more than 55,000 credit card numbers, the company said Tuesday.

The company is working with the FBI on the case, said Laurent Jean, a spokesman for Los Angeles-based Creditcards.com.

"It was an act of retribution," Jean said. "He was angry with us and this was the way he took out his anger. After (he asked) us for money, we did everything we could to prevent him from entering our system."

The suspect was thought to have hacked into the site and exposed the numbers on the Internet sometime Monday, Jean said. Online merchants who used CreditCards.com were notified by the cyberthief on Monday night. The credit card numbers were still up on the Web early Tuesday.

Huntington Beach, Calif., resident Les Kelly, a photographer and Web site developer, received the notification on Monday evening. While almost deleting e-mail with the rest of his spam, Kelly instead read the e-mail and immediately checked out the claims, he said.

'Chad' leaves users hanging Kelly found neither of his credit card numbers had been stolen. "I have a merchant account for one of my Web sites. There is a possibility that it uses CreditCards.com as a clearinghouse and that is why I was contacted," said Kelly, who described himself as a "average 60-year-old guy -- not a wizard with computers."

The cyberthief forged an email address -- chad@microsoft.com, apparently in reference to the current election woes -- and railed against e-commerce companies and a lack of privacy for which, ironically, the hacker is partially responsible.

"Till (sic) no completely secure way of transferring the confidential information (is) invented, the number one priority for each and every online company is to secure transaction and to hide information about their clients," wrote the cyberthief, who claimed to be part of a group calling themselves the "L33chWareZ haCkInG GrOUp."

Matt McLaughlin, spokesman for the FBI's Los Angeles field office, confirmed that agents from the bureau's "Cyber Squad" are looking into the case.


Hacking a threat to companies

Privately held Creditcards.com is a business-to-business site that works with Web merchants so they can accept credit card payments. According to the company's Web site, its customers include software maker iKnowledge and health site Premier Solutions.

The year has seen several high-profile security breaches at e-commerce sites. In September, human error caused a glitch that allowed a hacker to copy the credit card information of about 15,700 customers from Western Union's Web site. Hackers broke into CD Universe's database in January and posted links to thousands of customer names, addresses, and credit card numbers after being unable to extort money from the online music store.

Though studies have shown that hacker attacks have caused some consumers to shy away from online shopping, hacking is much more of a threat to companies, IDC analyst Charles Cology said.

"It's a pain for the credit card companies who must cancel thousands of cards and potentially reimburse bogus charges," Cology said. However, for the individual cardholder, the breach is a mere nuisance, he said.

Security breaches like the one at Creditcards.com are an indication of where the real security problems are, Cology said: in companies' back-end databases. While there is a certain risk that credit cards sent over the Internet can be intercepted, databases contain huge amounts of personal information that comes from all types of transactions, not just from consumer Internet purchases, he said.

Robert Lemos contributed to this report.-
Copyright © ZDNet



For contact Information, please click here:

:: Copyright © 1999-2004 by Payment Central Inc. :: All Rights Reserved :: E-Mail ::