Get Paid to Participate - up to $1 per post!     Twitter     Facebook     Google+
Hosting Discussion
 

Hosting Discussion > HostingDiscussion Community > General Discussion > WebHostingTalk (WHT) is down; full db released by hackers
forgot password?



Reply


Old
  Post #31 (permalink)   04-07-2009, 01:22 PM
HD Community Advisor
 
SenseiSteve's Avatar
 
Join Date: Mar 2009
Location: Saint Louis
Posts: 4,945
Send a message via MSN to SenseiSteve

Status: SenseiSteve is online now
From iNET - the latest status posted on their site

Quote:
This morning, the hacker who attacked WHT initiated further communication. He provided evidence that credit card information on one of our database servers was, in fact, compromised on March 21st.

What data was compromised?
At this point, we know that the hacker compromised and has publicly posted credit card information from our self-service billing system currently used for sticky posts (located at http://myinet.inetinteractive.com). This system was also used for display (banner) advertising in prior to December 2007.

What about premium and corporate members? Or display advertisers?
If you've purchased a premium or corporate membership or you are a display (banner ad) advertiser from December 2007 or later, your data is safe. These products run on a newer billing platform that does not store credit card information.

What is WHT and iNET Interactive doing about it?
If we have evidence or suspicion that your credit card information was leaked, you will be receiving further communication from WHT and iNET Interactive.

Why is WHT down and when do we expect it to be back up?
We're currently doing a full security sweep of our cluster to ensure the servers are secure. The site will be back up once this security review is complete.
__________________
ProlimeHost- Dedicated Server Hosting & KVM SSD VPS
Three Datacenter Locations: Los Angeles, Denver & Singapore
SuperMicro Hardware | Multiple Bandwidth Providers | 24/7 On Site Engineers
 
 
 


Old
  Post #32 (permalink)   04-07-2009, 01:25 PM
HD Management Staff
 
Artashes's Avatar
 
Join Date: Apr 2003
Posts: 9,719

Status: Artashes is online now
Dan, thanks for the quick update on this incident. I edited your quote for formatting purposes - so its easier to read, I hope you don't mind.

Has there been an apology from iNet yet for inconvenience? Or at least a note saying they regret this happened. Sorry I wasn't following the event as closely.
 
 
 


Old
  Post #33 (permalink)   04-07-2009, 01:25 PM
HD Amateur
 
Join Date: Dec 2004
Posts: 61

Status: gearworx is offline
That's just about the scariest thing I have seen so far considering that we have been a member since 2003 and that we've had credit card numbers with them...
__________________
Gearworx - Dual Platform and VPS hosting
 
 
 


Old
  Post #34 (permalink)   04-07-2009, 01:29 PM
HD Amateur
 
Join Date: Dec 2004
Posts: 61

Status: gearworx is offline
Quote:
Originally Posted by Artashes View Post
Dan, thanks for the quick update on this incident. I edited your quote for formatting purposes - so its easier to read, I hope you don't mind.

Has there been an apology from iNet yet for inconvenience? Or at least a note saying they regret this happened. Sorry I wasn't following the event as closely.
Let's wait and see. They're trying to avoid the admittance to fault since there is a potential for legal recourse.
__________________
Gearworx - Dual Platform and VPS hosting
 
 
 


Old
  Post #35 (permalink)   04-07-2009, 01:42 PM
HD Management Staff
 
Artashes's Avatar
 
Join Date: Apr 2003
Posts: 9,719

Status: Artashes is online now
Two threads about the same event merged.
 
 
 


Old
  Post #36 (permalink)   04-07-2009, 03:10 PM
HD Addict
 
Join Date: Oct 2008
Posts: 178

Status: UnderHost is offline
Quote:
Hi, this is a copy of my thread posted on DP and WHT forums (WHT forums goes down after i made a support ticket to INeT)

Hi,

WHT are now down for maintenance since i post this thread on WHT also.

The hacker of WHT, have send a part of the database of webhostingtalk on rapidshare and many others site, i think.

anyway i get a copy of this table DB part.

And this is really horrible, WHT can be suitable in court for this, these personal information are (CreditCard) not coded, db part have 1454 users cc numbers from WHT db table called "creditcard" for premium members.


This is a small copy ( i have changed the line credit card info ) its surely a big problem on the WHT arms for the moments.


Quote:
# Dumped by NEGRO SHELL.
# Home page: http://negro.com
#
# Host settings:
# MySQL version: (4.0.27-standard-log) running on 69.20.126.7 (www.webhostingtalk.com)
# Date: ##/##/####
# DB: "ioms"
#---------------------------------------------------------
DROP TABLE IF EXISTS `creditcard`;
CREATE TABLE `creditcard` (
`card_id` int(11) NOT NULL auto_increment,
`account_id` int(11) NOT NULL default '0',
`address_id` int(11) NOT NULL default '0',
`cardnumber` bigint(20) NOT NULL default '0',
`expdate` varchar(10) NOT NULL default '',
`cardcode` varchar(5) NOT NULL default '0',
`issueingbank` varchar(50) NOT NULL default '',
`nameoncard` varchar(50) NOT NULL default '',
`status` enum('valid','removed','modified','fraud','chargeb ack','other') NOT NULL default 'valid',
`friendlyname` varchar(100) NOT NULL default '',
`admin_note_id` int(11) NOT NULL default '0',
`customer_note_id` int(11) NOT NULL default '0',
`creation_timestamp` bigint(20) NOT NULL default '0',
`creation_session_id` int(11) NOT NULL default '0',
`modify_timestamp` bigint(20) NOT NULL default '0',
`modify_session_id` int(11) NOT NULL default '0',
`removal_timestamp` bigint(20) NOT NULL default '0',
`removal_session_id` int(11) NOT NULL default '0',
PRIMARY KEY (`card_id`),
KEY `account_id` (`account_id`,`address_id`,`cardnumber`)
) TYPE=MyISAM PACK_KEYS=0;

('1', '31', '3', '551061035543668', '7/2012', '143', 'Compass Bank', 'Max M Oneil', 'valid', 'Compass Bank', '0', '0', '1074282270', '144', '0', '0', '0', '0');

if you have premium or only account WHT, check your password and bank billing.

i am also able to find my users in the database.... just need the salt files and i got my password.. from the hash..
__________________
UnderHost Inc. Offshore Hosting Solutions and USA/Canadian based servers.
24/7 Rapid Support / 99.9% Uptime Guarantee / Shared / Reseller / VPS / Dedicated
 
 
 


Old
  Post #37 (permalink)   04-07-2009, 03:13 PM
HD Addict
 
Join Date: Oct 2008
Posts: 178

Status: UnderHost is offline
Update from INET:

Quote:
UPDATE: 4:24pm est 04/07/09

We have contacted all major credit card companies and are awaiting their guidance. It should be noted that card holders will not be held liable for any fraudulent purchase made using their credit card.

Quote:
UPDATE: 4:34pm est 04/07/09

It has been brought to our attention that any WHT Premium memberships purchased PRIOR to 2006 would be included in the exploited credit card details.
__________________
UnderHost Inc. Offshore Hosting Solutions and USA/Canadian based servers.
24/7 Rapid Support / 99.9% Uptime Guarantee / Shared / Reseller / VPS / Dedicated
 
 
 


Old
  Post #38 (permalink)   04-07-2009, 03:27 PM
HD Addict
 
JLondon's Avatar
 
Join Date: Apr 2009
Location: Oklahoma
Posts: 157
Send a message via AIM to JLondon Send a message via Skype™ to JLondon

Status: JLondon is offline
This is definitely not a fun issue to deal with. I'm glad to see that they have a professional method of handling this, if they didn't the results could be disastrous. There have been a lot of popular forums hacked recently, so WHT is not the only victim out there to see this happen. Let's hope that they start getting cracked down on.
 
 
 


Old
  Post #39 (permalink)   04-07-2009, 04:01 PM
HD Management Staff
 
Artashes's Avatar
 
Join Date: Apr 2003
Posts: 9,719

Status: Artashes is online now
Quote:
Originally Posted by UnderHost View Post
i am also able to find my users in the database.... just need the salt files and i got my password.. from the hash..
Are you saying that passwords are that easily readable?? I always was under the impression that an application like vBulletin would use good encryption code to protect passwords?
 
 
 


Old
  Post #40 (permalink)   04-07-2009, 04:25 PM
HD Wizard
 
ldcdc's Avatar
 
Join Date: May 2004
Location: Ploiesti
Posts: 3,112

Status: ldcdc is offline
Quote:
Sorry I wasn't following the event as closely.
I followed it closely enough I think, but can't recall if apologies were issued. It wasn't something I was paying special attention to, personally. I was much more interested in stuff like when WHT would get back its missing data for example.
 
 
 


Old
  Post #41 (permalink)   04-07-2009, 04:27 PM
HD Wizard
 
romes's Avatar
 
Join Date: Feb 2007
Location: IL
Posts: 1,651
Send a message via Skype™ to romes

Status: romes is offline
Is HD safe from hacker attempts? Would hate to see something that happened to WHT happen to HD
__________________
RomesBlog.net | New Sci Fi Novel! - Aliens, Wars, Backgrounds, Settings and more!
Vanguard Project | Stay up-to-date on the latest news about my sci fi novel!
 
 
 


Old
  Post #42 (permalink)   04-07-2009, 04:42 PM
HD Addict
 
Join Date: Sep 2005
Posts: 138
Send a message via ICQ to ayksolutions Send a message via AIM to ayksolutions Send a message via MSN to ayksolutions Send a message via Yahoo to ayksolutions

Status: ayksolutions is offline
Underhost,

Do you have the list that was posted on the net? If so, could you send it my way so I can go through it and see if any of our details or on there? We have not purchased anything for a very long time from WHT and I believe the card we used is already canceled either way, but never hurts to be on the safe side.
__________________
www.AYKsolutions.com - Atlanta, Jacksonville, Chicago, Los Angeles
From Shared to Dedicated - High bandwidth plans & VPS available
Professional. Painless. Polite.
 
 
 


Old
  Post #43 (permalink)   04-07-2009, 04:48 PM
HD Addict
 
Join Date: Sep 2005
Posts: 138
Send a message via ICQ to ayksolutions Send a message via AIM to ayksolutions Send a message via MSN to ayksolutions Send a message via Yahoo to ayksolutions

Status: ayksolutions is offline
I have not seen any type of apology from iNet yet on their status page. I suppose that will come later?

It is a huge PCI violation which can be very costly to iNet. I wouldn't be surprised to see them being sued over this, especially if there is any identity theft.
__________________
www.AYKsolutions.com - Atlanta, Jacksonville, Chicago, Los Angeles
From Shared to Dedicated - High bandwidth plans & VPS available
Professional. Painless. Polite.
 
 
 


Old
  Post #44 (permalink)   04-07-2009, 05:04 PM
HD Management Staff
 
Artashes's Avatar
 
Join Date: Apr 2003
Posts: 9,719

Status: Artashes is online now
I think that anyone that has information on points of distribution of database in full or in parts - they should immediately contact iNet about it. Even if its another member who says he knows where its being distributed - let them know about it so they can investigate all leads and block further distribution attempts. The information was stolen, so the last thing we want is help the attacker carry out its mission.
 
 
 


Old
  Post #45 (permalink)   04-07-2009, 05:10 PM
HD Addict
 
Join Date: Sep 2005
Posts: 138
Send a message via ICQ to ayksolutions Send a message via AIM to ayksolutions Send a message via MSN to ayksolutions Send a message via Yahoo to ayksolutions

Status: ayksolutions is offline
How would you go about contacting them? According to their status page they will contact you if your data was compromised.
__________________
www.AYKsolutions.com - Atlanta, Jacksonville, Chicago, Los Angeles
From Shared to Dedicated - High bandwidth plans & VPS available
Professional. Painless. Polite.
 
 
 
Reply
Previous Thread Next Thread


Thread Tools

New Post New Post   Old Post Old Post
Posting Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Sponsored By: