Card issuers are scrambling to replace credit card accounts compromised by a recent theft of a customer database from an online CD retailer. The theft has raised eyebrows worldwide. Now a California firm, SecurityFocus.com, says it was recently made aware of a number of e-commerce sites with major database holes. Citing a Russian source, SF says all of the sites had security weaknesses that were so blatant that it is conceivable that their data has already been compromised. With a few simple database commands, verified by SecurityFocus.com, almost anyone could get into the site’s databases and extract web content, credit card, credit card owner, passwords, and even company information such as employee records, salaries, social security numbers and personal information. The discovery was made by Russia-based StrategyPartner.com. The revelations follow the publicity of the recent Maxus Credit Card Pipeline fraud incident. (See previous CardNews for details). SecurityFocus.com estimates the average cyber criminal could easily compromise 20 to 30 small e-tailer sites in one night, given the current weakness in Internet security. For more details visit www.securityfocus.com.