Information Security News mailing list archives

RealNames' customer database hacked


From: mea culpa <jericho () DIMENSIONAL COM>
Date: Mon, 14 Feb 2000 03:36:03 -0700

Forwarded From: darek.milewski () us pwcglobal com


RealNames' customer database hacked
By Jim Hu
Staff Writer, CNET News.com
February 11, 2000, 9:10 a.m. PT
http://news.cnet.com/category/0-1005-200-1547688.html

RealNames, a company that substitutes complicated Web addresses with
simple keywords, is warning its users that its customer database has been
hacked, and that user credit card numbers and passwords may have been
accessed.

The company informed its customers of the security breach in an email
written and sent by RealNames chief executive Keith Teare early this
morning.

"Within the last 24 hours we have identified a situation that may have
resulted in our customer information database being compromised, including
customer credit card information," the email read.

The attacks occurred late Wednesday afternoon, Teare told CNET News.com.

A user can register and pay for keywords on RealNames' Web site via credit
card by filling out a form that includes personal information, such as his
or her name, address and email address. RealNames then stores that
information in a database, just like an e-commerce company or domain name
registrar would with a customer making an online purchase or registration.

The perpetrator was able to access customer records, credit card numbers
and passwords. But Teare said there was no evidence that any credit card
numbers have been used. The company contacted the FBI and participating
credit card companies when the hack was discovered.

"We've added further security over the last 48 hours," Teare said.

RealNames is enlisting Atlanta-based security firm ISS to conduct an
audit, Teare said.

The attacks on RealNames were not similar to the distributed denial of
service (DDoS) attacks inflicted upon major Web sites such as Yahoo, eBay
and Amazon.com earlier this week. Those attacks merely shut down the sites
for roughly a three- to five-hour period. The attack on RealNames was more
"malicious" with an intent on accessing private information, a customer
service representative said.

In contrast to the DDoS attacks, the attack on RealNames was aimed at
breaking into the company's database and redirecting a number of its
Internet keyword URLs to a government site in the People's Republic of
China, Teare said.

Because hackers commonly fake an Internet address of origin, Teare could
not conclude whether the hacker originated in China.

RealNames, based in San Carlos, Calif., has developed a system based on
Internet keywords that allows users to type familiar words or phrases to
simplify Internet navigation.

The concept is designed as an add-on to search engines and directories and
to move from point to point on the Internet, the company said.

ISN is sponsored by Security-Focus.COM

