http://news.cnet.com/news/0-1007-200-5192742.html?tag=mn_hd

Software e-tailer alerts customers to breach

By Cecily Barnes Staff Writer, CNET News.com March 20, 2001, 9:30 a.m. PT Online software store AtomicPark.com notified approximately 500 customers this week that a hacker stole credit card numbers from its Web site last week. The company, which advised customers to immediately contact their credit card providers, said the hacker has made at least one charge on an Internet pornography site using stolen information. The person has also attempted to divert as much as $25,000 from a corporate credit card to Indonesia, the company said. "We've taken measures to make sure this can't happen again, and we've brought on the FBI," said William G. Abraham, a sales coordinator with AtomicPark. AtomicPark discovered the security breach after being contacted by a customer inquiring about an unauthorized charge, Abraham said. The company then determined that the hacker had set up a so-called sniffer system, which let him or her access credit card numbers as they were being input into the system. "The (person) sets up a clone bank, so that when the stuff gets entered in here, it also gets entered over there," Abraham said. "Our database has significantly more than 500 credit card numbers in it; that's why with this program there was only a very small window where (he or she) got 500." The company on Monday sent the following e-mail notification to the approximately 500 customers it believes had their information compromised in the attack: "Unfortunately, this message is to inform you that during the week ending 3/17/01, the security of our Web site, AtomicPark.com, was breached from an intruder. Regrettably, we are unable to divulge in the details of the scenario because of an investigation with the FBI, but we can tell you that the investigation thus far suggests that there are approximately 500 customers that are at risk. You are being notified because you are unfortunately in that group of 500 customers that are at risk." Joe Etherage was one of the e-mail recipients. He said he immediately contacted his credit card company and had them cancel his account. "I think after this experience, I think I'll just go with larger vendors," Etherage said. "It was pretty much a shock to find out their site had been breached." Security breaches have become increasingly common on the Internet, with hackers often obtaining personal customer information, including credit card numbers. Earlier this month, Amazon.com-owned Bibliofind was forced to shut down its Web site after some 98,000 customer accounts were exposed. In January, a security hole at Travelocity.com exposed the personal information of up to 51,000 customers, and a breach at Egghead.com in December potentially exposed its entire 3.7 million-customer database. Perhaps the most high-profile security breach took place last October when hackers succeeded in breaking into Microsoft's corporate network. Some security experts said they believed that if hackers could infiltrate a system as large and protected as Microsoft's, then nobody's site was safe.

main page ATTRITION feedback