CreditCards.com
database stolen |
|
Card
numbers posted on various Web sites |
|
|
The
hacker's Web site, where he published the credit card
numbers.
|
|
|
By
Bob Sullivan and Mike Brunker
MSNBC
|
|
Dec.
12 —
A
computer hacker has stolen a database of credit card
numbers from CreditCards.com and posted them on several
Internet sites. The Los Angeles-based merchant processing
company told MSNBC.com today that the break-in actually
occurred four months ago and the hacker has been trying to
extort the firm ever since. |
WHILE
THE COMPUTER intruder claims to have taken 55,000 credit
cards from CreditCards.com, the company actually says the
number of real victims is much smaller. Michael Butts,
executive of operations at the company, said many of the
numbers taken were actually test numbers. He said he would
not estimate the number of real victims, but described the
hacker as “a Russian.”
MSNBC learned of the
heist from a victim — a consumer who was contacted by
the computer intruder and warned that three Web pages were
recently published revealing the database to any Internet
user. On Tuesday morning, one of the Web pages was still
visible.
Butts said his
company contacted the FBI immediately on receiving an
extortion demand from the hacker, but it did not contact
any customers. |
|
“They
weren’t compromised,” Butts said, adding that there
was no evidence the stolen card numbers had been used for
any fraudulent purchases.
A VICTIM
SPEAKS
But MSNBC.com was
able to find a potential victim within a few moments of
seeing the database.
MSNBC.com confirmed
that several of the names and card numbers listed in the
database were legitimate.
One of those victims,
Elizabeth McCabe of Des Plaines, Ill., canceled her credit
card after noticing a fraudulent transaction two months
ago.
“I got a
confirmation e-mail from the Worldwide Wrestling
Federation thanking me for my order,” she said. “It
was for something that was being shipped to the Philipines
— $350 worth of hats and things.” |
The
victim who originally contacted MSNBC, Michael Sayres,
called the company this week to complain and was surprised
that it had no intention of contacting customers.
“It was explained
to me that I would need to contact my credit card company
and cancel my card,” Sayres said in an e-mail. “It
appears they have no responsibility with this problem!”
As a merchant
processor, CreditCards.com is a go-between that connects
small merchants and banks. According to Butts, the firm is
small, with only a couple of hundred merchants — most
Internet sites.
On the Web site that
revealed the credit cards, the criminal was direct about
his extortion scheme: |
|
“Michael
Butts says I need to talk to Michael Stankewitz from COO
[sic]...I told him tjat O want to help creditcards.com, he
had my price and he knew my deal,” the Web page reads.
“He knew what kind of information we had from their
servers. I would destroy it all after the agreement was
made and provide network security.
“Now, I didn’t
receive any payment from creditcards.com and I am going to
make them bankrupt.”
Word of the extortion
comes nearly a year after thousands of credit card numbers
were stolen from CDUniverse.com and posted to the Internet
in a failed extortion plot that embarrassed the company. |
|
|