
Webhostingtalk.com hacked :o

Red Squirrel

No Lifer
This happened a while back but looks like it was worse than they figured. Current update:

UPDATE: 7:14pm est 04/07/09

From what we know now, there were more records on the database server where the credit card dump was taken. If research shows that a larger number of customers' data was compromised, we will contact those individuals directly.

UPDATE: 4:34pm est 04/07/09

It has been brought to our attention that any WHT Premium memberships purchased PRIOR to 2006 would be included in the exploited credit card details.

UPDATE: 4:24pm est 04/07/09

We have contacted all major credit card companies and are awaiting their guidance. It should be noted that card holders will not be held liable for any fraudulent purchase made using their credit card.

ANNOUNCEMENT - 1:25pm est 04/07/09

This morning, the hacker who attacked WHT initiated further communication. He provided evidence that credit card information on one of our database servers was, in fact, compromised during that attack.

What data was compromised?
At this point, we know that the hacker compromised and has publicly posted credit card information from our self-service billing system currently used for sticky posts (located at http://myinet.inetinteractive.com). This system was also used for display (banner) advertising prior to December 2007.

What about premium and corporate members? Or display advertisers?
If you've purchased a premium or corporate membership or you are a display (banner ad) advertiser from December 2007 or later, your data is safe. These products run on a newer billing platform that does not store credit card information.

What are WHT and iNET Interactive doing about it?
If we have evidence or suspicion that your credit card information was leaked, you will be receiving further communication from WHT and iNET Interactive.

Why is WHT down and when do we expect it to be back up?
We're currently doing a full security sweep of our cluster to ensure the servers are secure. The site will be back up once this security review is complete.



Long story short, maybe a month or so ago their backup server got hacked followed by their main server, and it was unknown at that point if they had other backups of the forums. At that point they did not figure any CC info was stolen.

This is a scary reminder that this can happen to anyone. If someone really wants to hack a site, they'll find a way. These are people that do this all day and know more than even the top security professionals put together. Securing your server will help a lot but if someone really wants in, they'll find a way.
 
Hi Everyone,

I'm from the Web Hosting Talk/iNET Interactive team and wanted to let all of you know the best place to get updates on the current events happening at Web Hosting Talk. We're working hard to resolve current issues and want to make sure everyone is informed of the latest updates and happenings.

To get the latest information and updates, visit the following threads at Web Hosting Talk:

http://www.webhostingtalk.com/...ncement.php?f=31&a=134
http://www.webhostingtalk.com/showthread.php?t=852943

Thanks!
 
Originally posted by: RebateMonger
Wow. Why would they hold CCV codes? Isn't that against their agreements with the credit card companies?

It's definitely 100% NOT PCI Compliant. :thumbsdown:
 
Originally posted by: Crusty
Originally posted by: RebateMonger
Wow. Why would they hold CCV codes? Isn't that against their agreements with the credit card companies?

It's definitely 100% NOT PCI Compliant. :thumbsdown:

QFT! Why would they ever do that...

That really sucks!
 
I found it odd too that they don't use a credit card processor instead so that the CC's are stored by a trusted 3rd party, but then again, nothing stops hackers from hacking a credit card site, the only thing that does is those sites probably have serious legal teams behind them so the penalties would be huge.

Like, if someone hacked paypal imagine how bad that would be. Not only CC info stolen, but bank accounts too. It's scary to think of it but it could happen.
 
Originally posted by: RedSquirrel
I found it odd too that they don't use a credit card processor instead so that the CC's are stored by a trusted 3rd party, but then again, nothing stops hackers from hacking a credit card site, the only thing that does is those sites probably have serious legal teams behind them so the penalties would be huge.

Like, if someone hacked paypal imagine how bad that would be. Not only CC info stolen, but bank accounts too. It's scary to think of it but it could happen.

luckily that has never happened..as far as I know!
 
Originally posted by: ViviTheMage
luckily that has never happened..as far as I know!
I have the eerie feeling that not all companies TELL you that they've been hacked.

Last year, somebody got my credit card number AND my email address and began buying porn site memberships. Since they had the email address, I know the number was taken from an online site.

That credit card was pretty new, and the email address was an old one I don't use any more. So I was able to narrow down the list of vendors who had both my CC number AND that old email address to only two or three.

Strangely enough, within a few days of the credit card number fraud, one of those vendors (Sprint) sent an email telling me about their NEW security settings.
 