'Coordinated' Hackers Steal Internet Retailer Customer Credit Cards
Vertical Web Media's president says hackers breached the company's network even though patches were up-to-date and defenses were in place.
Despite running what he thought was a well-secured network, the president of a publishing company has disclosed that a "coordinated and sophisticated" group of hackers broke in and stole customers' credit card information.
Vertical Web Media said its network was breached in August and hackers made off with customers' names, addresses, phone numbers and e-mail addresses, along with credit card numbers and expiration dates. Jack Love, president of the Chicago-based publisher of Internet Retailer magazine added that only a portion of the company's customers were compromised because the data was pulled offline as soon as the publisher was alerted by a customer that there was a problem.
"This troubles us deeply... We thought our site was extremely well protected," Love told InformationWeek. "We were up-to-date on all our patches. We get a quarter of a million visits a month to our site. We've seen hacking attempts before. Anyone with a site that highly trafficked is going to see that, but we hadn't had a problem. We had a sense of security. But the message here is you can never feel content with security. You have to be ever vigilant."
Love said in mid to late August they were first contacted by a customer telling them there might be a problem but they couldn't pinpoint any security holes. "We immediately assumed there was a problem and took all the credit cards off the site," he added. Then in late August, they were contacted by another customer who said his credit card information had been stolen and the Vertical Web Media site was the only place he had used it.
An investigation found that hackers had been attacking the network from about half a dozen IP addresses around the world, Love said. One would breach the network for about 10 minutes, and then another would pick up the attack from another IP address for another 10 minutes. He added that they were using queries on the system that only produced information on one customer at a time.
Love said he could not reveal how the hackers got into the network at this point because of the ongoing investigation.
"It was too coordinated and sophisticated... This was no joy ride," said Love. "It was no whiz kid playing with us."
The company president added that they pinpointed the hackers' entry point on Aug. 29 and notified the FBI the same day. Letters went out to the affected customers on Sept. 7.
Love said law enforcement is continuing to investigate the breach, and forensic investigators are reviewing logs and records.
The news of the breach at Vertical Web Media comes less than a week after TD Ameritrade Holding disclosed information that a hacker breached its network and stole information on 6.3 million of its customers. This week, an attorney launching a class-action lawsuit against the online brokerage alleged the company knew a hacker had access to a customer database as far back as a year ago.
The Agile ArchiveWhen it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
2014 Analytics, BI, and Information Management SurveyITís tried for years to simplify data analytics and business intelligence efforts. Have visual analysis tools and Hadoop and NoSQL databases helped? Respondents to our 2014 InformationWeek Analytics, Business Intelligence, and Information Management Survey have a mixed outlook.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.