Ads by TechWords

See your link here
Receive the latest technology news and information.
Networking
E-Business
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Hack of Amazon.com's Bibliofind compromises customer data

March 6, 2001 12:00 PM ET

Computerworld - Bibliofind.com, an online marketplace for rare and hard-to-find books that's owned by Amazon.com Inc., yesterday disclosed that a malicious hacker had broken into its Web site, compromising the security of the customer credit card information processed on its servers between October and February.

Jim Courtovich, a spokesman for Waltham, Mass.-based Bibliofind, said about 98,000 users had been affected. But he added that the company had no information to suggest that anyone's credit card data had been misused.

"In February, there was a defacement to our site," Courtovich said. "When that was investigated, it came to our attention that a hacker had been hacking into our site since October and had downloaded compressed files containing customer information." Systems administrators at Bibliofind didn't detect the activity during routine maintenance checks, he said.

Courtovich said the company has notified the affected users as well as the credit card companies, which in turn notified the issuing banks. Although he said the company had notified law enforcement officials about the incident, he declined to comment on whether a suspect has been identified.

In an e-mail to customers, Bibliofind said, "We have no information at this time to suggest that your credit card has been misused, but we wanted to notify you as a precautionary measure. We have been in contact with the federal law enforcement authorities on this matter, and we have also notified the appropriate credit card companies, so that they can take the necessary steps to protect the interests of any cardholders who may be affected."

The company took its Web site down Friday and removed all credit card information, and customers' addresses and phone numbers, Courtovich said. The site was up and running again yesterday.

"The site will continue to function as a 'matching' service between buyers and sellers," he said. "But now the buyers will complete their transactions directly with the sellers."

Ira Winkler, president of Internet Security Advisors Group in Severna Park, Md., said the reason the hacking went undetected for so long was probably because the hacker was more skilled than Bibliofind's systems administrators.

"A skilled hacker can hide these activities," Winkler said. "I know hackers who have been in systems and the administrators never knew about it." In order to prevent such activities from occurring, he added, companies should train their administrators properly and give them the resources they need to do their jobs.

Related stories:



For more security coverage, visit our Security Watch page.

Have opinions on security issues? Head to the Computerworld security forum. (Note: Registration required to post messages; anyone may read them. To register, click here).


Jump to comments

E-business

Additional Resources

Xerox
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Save time and mitigate security risk. Deploy it now.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Key Findings: Accelerating ROI with BPM
Click here to watch now!

Uncover the Benefits of Virtualization
Download this Whitepaper Now!  

Effectively Implementing Datacenter Automation
Effectively select and deploy the best datacenter automation solution today!

The Power/Density Paradox: The Result of High Density without Power Efficiency
Download this brief to explore what the power/density paradox is and how IT professionals can mitigate the risk.  

Aligning IT to Business: The Rising Importance of Application Delivery Networks
Application Delivery Networking (ADN) will play a vital role in helping enterprises incorporate strategic technologies to achieve business initiatives.