INCIDENT: WebCertificate.com hacked

["Simon Gales" <simongales () home com>]

I received the following email this morning (appropriately cleansed):

> > Dear Simon Gales
> >
> > I hate to inform you that your account
> > has been hacked on webcertificate.com and
> > ecount.com. These sites have very weak
> > security protection system and the database
> > with credit cards and other personal information
> > is not protected at all. Your personal details:
> >
> > 123 Spartacus lane
> > Cary IL 23456 US
> >
> > Your credit card information:
> >
> > 1111111111111111
> > expiration time:  10/11/12 1:23:45 PM
> >
> > We offered them our help many times. But top
> > management of webcertificate.com and ecount.com
> > don't care about their customers - you. They
> > care only about their money.
> >
> > zilterio
> > www.zilterio.com

I've notified privacy () webcertificate com and VISA, and am awaiting their
response.

Since they've apparently already been informed (albeit in a questionable
manner) and customer information already disclosed, I felt it appropriate to
forward this on to BugTraq.

Related: http://www.ecommercetimes.com/perl/story/13147.html

Administrivia - the FAQ link sent in the WELCOME email after subscribing to
BugTraq is incorrect (http://www.securityfocus.com/forums/bugtraq/faq.html)
and yields a 404 error.  Also, the address for submitting email to the
BugTraq mailing list could be made a little clearer in that Welcome email.

-Simon