Hacker Posts Credit Card Info

[mea culpa <jericho () DIMENSIONAL COM>]

http://www.wired.com/news/technology/0,1282,33539,00.html

10:45 a.m. 10.Jan.2000 PST

The FBI is hunting for a self-described cracker said to have posted
300,000 stolen credit card numbers in a blackmail attempt gone bad.

The hacker, believed to be located in eastern Europe, claims to have
stolen 300,000 customer credit card numbers from the CD Universe
store, The New York Times reported Monday. After the store refused to pay
him US$100,000, he published the data on a Web site.

The unidentified hacker, going by the alias Maxim, sent email messages to
the Times saying that he used credit card numbers to obtain money for
himself. He sent actual numbers to the paper as well, to prove the
validity of his claim.

The hacker distributed up to 25,000 of the stolen numbers during the last
two weeks, according to the reports. The site was shut down Sunday
morning.

When the site was operational, visitors could click on a link to obtain a
credit card number and the associated name and address of its holder.

CD Universe and its parent company, eUniverse, are aiding the FBI's
investigation.

"He definitely has CD Universe data," eUniverse chairman Brad Greenspan
told the Times. "Whether he hacked the site or got the data in some other
way, I'm not sure exactly."

The hacker said he cracked into a database at CD Universe's Web site by
way of a software flaw, according to the report. He sent a fax last month
to the company asking for $100,000 in return for the destruction of the
data. After the company refused, he posted the numbers on Christmas Day to
a Web site called The Maxus Credit Card Pipeline.

CD Universe said it was alerting customers and working with the credit
card companies to help those with stolen card numbers.

ISN is sponsored by Security-Focus.COM