
Figure News: Hobby Search got hacked! Check your credit card!

29 Oct 2010 07:07:30

If you are a customer of Hobby Search and have ever paid for anything with your credit card, check your billing statements for any suspicious charges!!!

To everyone who pays for purchases on Hobby Search with a credit card (not PayPal): check your money. Hobby Search's database was hacked and payment information was stolen: credit card numbers and the names of their owners.

All Hobby Search customers have probably already received such an optimistic e-mail:

We are writing to let you know of a hacker or hackers that
penetrated our computer system and accessed customer data including
credit card information.

At the time of writing, we do not know of any of this information
being available publicly. It is important to us that you, the
customer, do not experience any monetary damages because of this
incident, and have provided the information of all the cards that
may have been involved in this incident to each of the credit card
companies so that they may monitor the activity on these cards.
If you have any concerns about the security of your card, please
contact the card company (via the number on the back of your credit
card).

Also, although we have switched to a more secure credit card
transaction system that only stores the last four digits of your
card on our databases on July 7, 2010, we have disabled credit card
payments indefinitely.

The credit cards involved in this incident are those used in orders
prior to July 7, 2010 (a maximum of 23,526 cards), and we are
notifying those affected with this email.

<The information that may have been accessed>
- Credit card numbers, expiration dates, cardholder names

We do not store personal verification passwords or security codes on
our databases, so these have not been accessed.
Again, we have switched to a more secure credit transaction system
on July 7 that only stored the last four digits of those cards and
cannot be abused by a third party.
We are deeply sorry for any inconvenience or concern that this
incident may have caused.

<A timeline of events>
October 6 - A system administrator found traces of attacks from
Korea and began investigating immediately. That night, we contacted
an external security firm to investigate.

October 7 - The external examiners began investigations in the
morning. We shut off our systems for emergency maintenance,
reinstalled all server operating systems and software, re-examined
security settings, and isolated the server.
Logs indicated that customer data had been sent out from our server
to the address of an institution in Korea.
We contacted that institution by phone and email about this incident
and confirmed that the data had been deleted. We believe that they
were used as a proxy.

October 8 - We revised program, network, firewall, and client
machine security and implemented an intrusion detection system.

October 12 - We contacted the credit card transaction handler and
began discussions about the course of action.

October 20 - The external investigators concluded their
investigations and determined which and how much data had been
accessed.

October 28 - With the results of the investigation and cooperation
of credit card companies, we are ready to handle customer
correspondence and have sent out email notifications to the
customers that may have been affected.

The attackers took advantage of a security hole in our computer
systems.
We have not determined who they are, but have found the attacks to
be originating from an educational institution in Korea. We have
contacted this institution and requested they determine who the
attackers are and that they secure the data stolen.

We deeply regret that this incident has occurred, and are
continuously examining the security of our systems. We believe that
the root of this problem was the lack of security awareness among
each and every employee and are making sure this should not happen
again.
We will work hard to maintain your confidence in Hobby Search and
hope to see your continued patronage.

Sincerely,
Toshiyuki Suzuki
President
Hobby Search


There is also some kind of FAQ here: http://www.1999.co.jp/info_card_qa_e.html

My family, we have one card registered on Hobby Search. We checked it this morning and found nothing suspicious. I really hope no one will be offended in this accident. Still, very unpleasant.