Card Hacker

A Russian Web-head hacked his way into an online CD retailer’s Web site, capturing hundreds of thousands of active credit card account numbers. The hacker then brazenly demanded a ransom for the stolen information. Connecticut-based eUniverse, Inc. confirmed this week the theft of customer credit card numbers from the company’s CD Universe subsidiary, an online retailer of music CDs. The firm says it was contacted, via fax, in December by a person claiming to possess thousands of CD Universe customer files and demanding $100,000 ransom in exchange for not posting the information on the Internet. The New York Times reported that more than 300,000 credit card numbers were involved. The FBI was notified this past weekend when eUniverse learned that 25,000 stolen card numbers from CD Universe were posted on a Web site called ‘Maxus Credit Card Pipeline’. The Web site was hosted by Washington state-based Lightrealm, Inc. The FBI, which initially became involved in December, shut down the Web site last Sunday. The hacker, named Maxim, reportedly sent an email to the New York Times boasting how he exploited a flaw in CD Universe’s credit card processing software. The hacker described themselves as a 19 year old from Russia. He, she or it is still at large. eUniverse said it has retained a major technology security firm to review its security procedures. You can bet CD Universe will be the safest place to shop online after this disaster. What is most significant is that CD Universe is no “mom and pop” operation. With lots of “mom and pop” operations now going virtual and taking credit card orders over the Internet this may raise some serious security concerns for all Web shoppers.