E-Commerce Times Talkback

ECT News Community » E-Commerce Times Talkback »

Re: Hacker Breaches Payments Site Webcertificate.com
Posted by: Lori Enos 2001-08-28 11:31:43

Online payments provider Ecount confirmed to the E-Commerce Times on Monday night
that a hacker or hackers breached security at its Web payment site, Webcertificate.com.

"We have reason to believe someone inappropriately accessed data," Ecount chief executive
officer and president Matt Gillin told the E-Commerce Times. However, Gillin stressed that
no customer credit card numbers were at risk, because Webcertificate does not store
credit card numbers on its servers.

Re: Hacker Breaches Payments Site Webcertificate.com
Posted by: IamJama 2002-02-20 20:14:12 In reply to: Lori Enos

I also received this email twice. Now I have these strange $39.00 charges coming out of my bank acct. They are ACH and my bank can not trace them. I am almost sure they are unrelated, but of course these old emails came to mind when I found strange charges to my acct. I am going to the bank tomorrow to cancel the charges. Has anyone ACTUALLY had money taken? Again, these are probably unrelated, but I am curious if anyone lost money. I have emailed webcertificate.com but I am waiting to get a response.

Re: Hacker Breaches Payments Site Webcertificate.com
Posted by: K. Erbland 2001-12-30 17:51:18 In reply to: Lori Enos

Sorry, I think eCount and WebCertificate are negligent for not posting a notice on their sites regarding the break-in and not notifying ALL of their customers.

I received an email from the hacker but I have not heard a thing from eCount or Webcertificate.

Big Thumbs Down for 2001 eCommerce goof of the year!

Re: Hacker Breaches Payments Site Webcertificate.com
Posted by: M. Anon 2002-01-01 03:33:38 In reply to: K. Erbland

Yes, I received the message today, months after it was originally posted by webcertificate. Only 25 accounts accessed? What a lie. And they had all the right info.

Re: Hacker Breaches Payments Site Webcertificate.com
Posted by: Dee Jay 2001-10-11 20:47:26 In reply to: Lori Enos

I got the notice this afternoon but Mr. Zilterio didn't have my correct credit card number. He did, however, have my current address. But I'm curious how many of you just assumed that it was your credit card number and didn't check?

Re: Hacker Breaches Payments Site Webcertificate.com
Posted by: Becky J. 2001-10-12 00:35:51 In reply to: Dee Jay

I got the message from Zilterio today as well. Note that the article here is dated August 28, 2001. Makes me wonder if we're "round two" of the hacking...like maybe it was only 25 people at the end of August, but it's who knows how many now. As for the "credit card number", I knew right away that it wasn't really my credit card number, but I have no idea if it was my "webcertificate Master Card" number since I don't know what it is. I do believe the expiration date quoted in the email corresponded with the expiration date assigned to me by webcertificate. I'm really upset, even though there was only spare change on my webcertificate account, because my home addy is unpublished and generally can't be gotten by just anybody. And I haven't received *anything* from webcertificate, no notice of what's going on, and not even an email that they said I would receive when I tried to log on. I tried to log on and it wouldn't let me and it said they were sending me a new temporary password that would allow me to log on, but I've gotten nothing. Grrrr!

Becky

Re: Hacker Breaches Payments Site Webcertificate.com
Posted by: harry29 2001-10-12 23:50:21 In reply to: Becky J.

Just another troll. Someone with too much time on their hands.

Re: Hacker Breaches Payments Site Webcertificate.com
Posted by: ML 2001-10-11 17:50:17 In reply to: Lori Enos

I got the email today also. Seems odd that Webcertificate claims only 25 accounts were accessed considering there are three of us right here already.

Re: Hacker Breaches Payments Site Webcertificate.com
Posted by: Ross Currie 2001-10-11 12:02:05 In reply to: Lori Enos

A word to the wise... If an e-commerce site claims to be "100% secure" don't give them any of your private info! Especially credit card numbers!

Anyone who claims to be "100% secure" is either lying or incompetent. There is no such thing as a 100% secure server, they are running all sorts of third-party software that they have never audited for security flaws.

Conspicuously absent from their website and the response as reported in this article is the remedy. What exactly have they done to fix the problem? We have only their word that they did anything, and of course they don't say how they were hacked. The only reasons I can think to not say how you were hacked would be because A) you haven't fixed the hole yet, or B) you're embarrassed/afraid of liability for your own incompetence.

Re: Hacker Breaches Payments Site Webcertificate.com
Posted by: Jim 2001-10-11 16:59:25 In reply to: Ross Currie

I got the same message from Mr. Zilterio. Anyone else notice that his website is
just a front for one of a million register-your-domain-here sites?

I'm sending the message to privacy@webcertificate.com, and I'd encourage everyone
else to do the same (as an earlier poster also said).

Re: Hacker Breaches Payments Site Webcertificate.com
Posted by: Simon Gales 2001-10-11 08:49:43 In reply to: Lori Enos

I received the following email this morning (cleansed to protect myself):

>> Dear Simon Gales
>>
>> I hate to inform you that your account
>> has been hacked on webcertificate.com and
>> ecount.com. These sites have very weak
>> security protection system and the database
>> with credit cards and other personal information
>> is not protected at all. Your personal details:
>>
>> 111 Spartacus court
>> Cary NC 11111 US
>>
>> Your credit card information:
>>
>> 1111111111111111
>> expiration time: 11/11/11 1:11:11 PM
>>
>> We offered them our help many times. But top
>> management of webcertificate.com and ecount.com
>> don't care about their customers - you. They
>> care only about their money.
>>
>> zilterio
>> www.zilterio.com
>>

While I certainly don't condone Mr. Zilterio's methods, it does appear that confidential information WAS stolen from WebCertificate.com's site.
Has anyone else gotten an email like this, how many of us are there?

Re: Hacker Breaches Payments Site Webcertificate.com
Posted by: TJ 2001-10-11 12:01:03 In reply to: Simon Gales

I got the same message this morning.

Re: Hacker Breaches Payments Site Webcertificate.com
Posted by: J. Forman 2001-10-11 11:38:35 In reply to: Simon Gales

Simon,

I got an identical email this morning (well, with my name and address, of course).

I'm not worried though, since 1) the company reset all the account numbers as soon as they knew they'd been hacked 2) I only had $5 in my account and 3) Pretty much anyone can find out my street address anyway.

I went to the Webcertificate Help page and sent them an email, pasting in a copy of Mr. Zilterio's email, headers and all, and I recommend that you do the same. Hopefully they will at least complain to his ISP and get his account canceled!