News

Hacked Company: Breach exposes nearly 6,00,000
By SiliconIndia   |   Monday, 27 July 2009, 19:50 Hrs   |    9 Comments
 Print Email
Hacked Company: Breach exposes nearly 6,00,000
Bangalore: Hosting company and domain registrar Network Solutions has disclosed the data security breach of nearly 6,00,000 credit card holders by malware on a server. The company has notified 4,343 of its nearly 10,000 e-commerce merchant customers about the breach, said Roy Dunbar, Chairman and CEO of Network Solutions.

As reported by CNET News, Network Solutions is investigating this breach that may have led to the theft of credit card data of 5,73,928 people, who made purchases on Web sites hosted by the company. It affects 573,928 cardholders whose name, address, and credit card number were exposed between March 12 and June 8, said Susan Wade, a spokeswoman for Network Solutions.

Network Solutions informed the merchant customers in an e-mail that the credit card transactions were intentionally diverted by an unknown source from certain Network Solutions servers to servers outside. "Mysterious code was discovered in early June on servers hosting e-commerce customer sites during routine maintenance," Susan said. The company called in a third-party forensics team to help with the investigation, and the team was able to crack some of the code on July 13, determining that it could be related to credit card data, she added. According to Susan, it is unknown how the malicious code got onto the system and where it came from.

The hackers left behind malicious code, which allowed them to intercept personal and financial information for people who made purchases at the stores hosted on those servers, said Susan. "So we have notified law enforcement and began the process of notifying our customers. At this point, we don't have a reason to believe that (the data) has been used, but we are working with the credit card companies," she added.

According to the Network Solutions, "Assuring the security and reliability of our services to customers is our most important priority. We store credit card data in an encrypted manner and we are PCI compliant. Unfortunately, any company operating in our business could have become a victim of this type of invasion. In this situation, the unauthorized code appears to have transmitted information about credit card transactions as they were being completed; it did not involve vulnerability in the way we store data in our systems."

But in a prepared statement,Bob Russo, General Manager of the PCI Security Standards Council urged the company to be more cautious about its statements regarding PCI compliance until an investigation is completed. "Until a forensics investigation is completed, an organization cannot comment accurately on its compliance status," Russo said.

However, with this breach of Network Solutions' servers, an unanswered question revolves in the consumers' mind asking, "Do you think it is safe to make transaction on the Internet?"

Write your comment now
 
Reader's comments(9)
1: Once the English nation companies start interacting in a big way with Indian police and officialdom, they will literally run away. Or possibly turn terrorists. They have only seen the realities from inside well guarded fortress like citadels. The actual realities are much more terrible than anything their academic professors have understood, in their shallow minds.
Posted by:Ved from Victoria Institutions - 28 Jul, 2009
2: The cards to be used on net has to be different than those being used elsewhere. The norm will ensure that the credit card is not misused by the entities such as petrol pump or hotel staff. RBI guide line is a good initiative but has limitations as password can be hacked/captured else the One Time Password generating solutions has tobe used.

Secondly all such online transaction systems has to deploy the intelligent authentication systems which can prototype the end user terminal (that is desktop or laptop) and store that data. Whenever next time user is performing transaction, the prototype information has tobe collected again and matched with originally stored one...if not matching it has to force the additional authentication or complete denial and force user to re-verify the initial prototype.

This is called as adaptive athentication and its being introduced in the market space of IT Security.
Posted by:Mrinal - 28 Jul, 2009
3: What is the damage involved?
Posted by:Avinash Murkute - 28 Jul, 2009
4: The first time I ever got a credit card I was simply amazed at the level of security if offered. The 16 digit no clearly printed with the CVV code clearly printed on the reverse with other details like Full name and expiry date all exposed on the face of the credit card.

Somebody need not even steal the card...only a glance to get these details would breach the security. Imagine we give away the credit card at restaurants, fuel stations etc and the collection guys could easily pen down the details and misuse.

Thankfully the RBI has brought stringent rules like compulsory password which will be in effect from Aug 1st.

If someone needs to be blamed I would point it at the financial strategists who designed the security levels and the banks implementing it putting our lives in misery

Lets hope for the best in future.
Posted by:John Manoah - 27 Jul, 2009
5: Disastrous! Common there should be some stringent security. Shame to the Network Solutions.
Posted by:Rakesh - 27 Jul, 2009
6:
please wait
Kranti Replied to: Rakesh - 27 Jul, 2009
7:
With the current state of hacking techniques storage network can never be fully safe, so lets not blame Network Solutions (provided it notifies each and every stakeholder within a very short span of time)

And to add malicious code need not always be injected into your network from outside it can be from inside also (I think u guys can understand), this is where such storage network companies need to be stringent, "who knows how they got the code"

And passwords. we all know how we make them vulnerable,u cannot remember so many passwords,sooo LETS JOT IT DOWN SOMEWHERE, isnt that what we do?
Ambarish Replied to: Kranti - 28 Jul, 2009
8:
Guys, from next month onwards you need to register your CC with your respective banks so as to make them available for your online transactions. If you do not register you wont be able to make any online transactions.

It surely isn't the best way to manage the security but yes it will lower the number of CC mishaps that happens.
D500 Replied to: Ambarish - 28 Jul, 2009
9:
In the world of uncertainites it happens, Take care of your online transacions,,,,Kudos to RBI, though it will slowdown the ecommerce in India, but for sure there will be less credit card detials theft.
Bindu Rathore Replied to: D500 - 29 Jul, 2009
Beautiful and dress selection, please go to Dresses
Sign Up for DailyDose and Read the Day's Highlights
Email:
SiliconIndia About Us   |   Contact Us   |   Help   |   Community rules   |   Advertise with us   |   Sitemap
News:       Technology   |   Enterprise   |   Tech Products   |   Startups   |   Finance   |   Business   |   Career   |   Magazine  |   Dailydose   |   News archive  
Network:      Network   |   Profile   |   Messages   |   Find   |   Blogs   |   Events   |   Q&A   |   CXO Insights  
Career:      Jobs   |   Companies   |   Mentorship   |   Videos   |   Career blogs  |   Training Institute  |   Freshers
Online courses:   Web developer   |   Java developer   |   CCNA training   |   SEO   |   SAS   |   SQL server 2005   |   J2EE
Education:   MBA   |   MCA   |   Engineering   |   Overseas Education   |   Internship
Life:           Jokes   |   Bookstore   |   Relocate  |   Marketplace
Cities:         Startup   |   Real estate   |   Finance  
Send your and help us continue to improve SiliconIndia
© 2012 SiliconIndia all rights reserved