The RDV Group InfoSec Blog

Thursday, March 09, 2006

Porn Billing Leak Exposes Buyers

Quinn Norton of Wired has a post today (03/09) that probably sends shudders down the spine of many of my friends: "Seventeen million customers of the online payment service iBill have had their personal information released onto the internet, where it's been bought and sold in a black market made up of fraud artists and spammers ..."

Norton goes on to say that the compromised information was intentionally stolen, not lost through incompetence, and Wired got a look at it: "... The stolen data, examined by Wired News, includes names, phone numbers, addresses, e-mail addresses and internet IP addresses. Other fields in the compromised databases appear to be logins and passwords, credit-card types and purchase amounts, but credit-card numbers are not included."

If credit card #s are not included, as Wired says, that's good. But the troubling thing about this loss is that it may have been perpetrated by the foundering company (or someone in the company) that was custodian of the data: " ... the company's troubles may have left them vulnerable to information embezzlement: The breach, they say, has all the markings of an inside job. The files appear to have been generated by exporting an SQL database into a CSV format -- a procedure that would be unusually extravagant for a quick, furtive hack attack.

"Moreover, at 4.5 gigabytes in size, the larger file would have been tough to download unnoticed over iBill's internet connection. Thomas speculates that an employee or other insider may have simply walked out of iBill with the transaction records to sell on the data black market."

The list is being used by spammers, and may be used for identity theft.

Be careful where you leave your personal info! And don't expect integrity from porn sites!

UPDATE: Keith Olbermann referred to this story as the #1 article on "Countdown" tonight (03/09), and made a funny: "Remember to keep it in your pants. ..Your credit card, that is."

0 Comments:

Post a Comment

<< Home