A hacker called 'chad' left online credit card clearing house Creditcards.com hanging after exposing more than 55,000 credit card numbers. The FBI is investigating.
The company was the victim of an extortion attempt by a cyberthief accused of hacking into its site and exposing more thousands of credit card numbers.
Creditcards.com is working with the FBI on the case, said Laurent Jean, a spokesman for the Los Angeles-based firm.
It was an act of retribution," Jean said. "He was angry with us and this was the way he took out his anger. After (he asked) us for money, we did everything we could to prevent him from entering our system."
The suspect was thought to have hacked into the site and exposed the numbers on the Internet sometime Monday. Online merchants who used CreditCards.com were notified by the cyberthief on Monday night. The credit card numbers were still up on the Web early Tuesday.
The cyberthief forged an email address -- chad@microsoft.com, apparently in reference to the current election woes -- and railed against e-commerce companies and a lack of privacy for which, ironically, the hacker is partially responsible.
"No completely secure way of transferring the confidential information (is) invented, the number one priority for each and every online company is to secure transaction and to hide information about their clients," wrote the cyberthief, who claimed to be part of a group calling itself the "L33chWareZ haCkInG GrOUp."
Matt McLaughlin, spokesman for the FBI's Los Angeles field office, confirmed that agents from the bureau's "Cyber Squad" are looking into the case.
Hacking a threat to companies
Privately held Creditcards.com is a business-to-business site that works with Web merchants so they can accept credit card payments.
The year has seen several high-profile security breaches at e-commerce sites. In September, human error caused a glitch that allowed a hacker to copy the credit card information of about 15,700 customers from the US-based Western Union's Web site.
Hackers broke into CD Universe's database in January and posted links to thousands of customer names, addresses, and credit card numbers after being unable to extort money from the online music store.
Though studies have shown that hacker attacks have caused some consumers to shy away from online shopping, hacking is much more of a threat to companies, IDC analyst Charles Cology said.
"It's a pain for the credit card companies who must cancel thousands of cards and potentially reimburse bogus charges," Cology said.
For the individual cardholder however, the breach is a mere nuisance, he said.
Security breaches like the one at Creditcards.com are an indication of where the real security problems are, Cology said: in companies' back-end databases. While there is a certain risk that credit cards sent over the Internet can be intercepted, databases contain huge amounts of personal information that comes from all types of transactions, not just from consumer Internet purchases, he said.
