Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Data thief threatens to strike again

From: mea culpa <jericho () DIMENSIONAL COM>
Date: Wed, 12 Jan 2000 11:03:12 -0700
http://www.zdnet.com/zdnn/stories/news/0,4586,2420863,00.html?chkpt=zdnn011200

Data thief threatens to strike again
Computer intruder who tried to extort CD Universe says he'll release
more stolen credit card numbers.

By Mike Brunker, MSNBC
January 11, 2000 3:49 PM PT

An e-mail author claiming to be the thief who released as many as 25,000
stolen credit card numbers earlier this month told NBC News he'll soon
start distributing more card numbers on a new Web site. "Maxus," aka
"Maxim," claims to have stolen 300,000 credit card files from online music
retailer CD Universe. The site he set up to hand out stolen card
information was shut down over the weekend, but a writer identifying
himself as the thief told NBC he'll open up a new site "soon." In a
separate note to MSNBC, the same writer hinted part of his motivation was
to criticize e-commerce companies that don't do enough to preserve users'
privacy.

The heist sent shockwaves through the e-commerce world over the weekend.
The intruder, who claims to have plundered 300,000 credit card numbers
from an Internet music retailer's computers, posted thousands of numbers
on a Web page after failing to force the company to pay him $100,000. The
FBI is investigating the theft and attempted extortion, and the company,
CD Universe, said it was advising customers that their credit card data
could have been compromised.

Word of the extortion plot surfaced Friday, when the thief contacted a
California computer security firm and directed employees to the Web site
where he apparently had been posting the credit numbers since Christmas
Day. Asked why he thought CD Universe refused to pay him the $100,000,
Maxus replied (sic), "They ... prefer money vs. people privacy."

He also said he still has access to the CD Universe credit card database
and can still glean credit card numbers from the site.

Brad Greenspan, chairman of eUniverse, the parent company of CD Universe,
said Monday that company officials and an outside security firm it had
hired were still attempting to determine how the thief had made off with
the financial information. But he said there are reasons to believe that
other online retailers also could be vulnerable.

Other sites could be vulnerable

[snip..]

ISN is sponsored by Security-Focus.COM
Previous By Date Next
Previous By Thread Next

Current thread: