Embattled ISP, RedHotAnt, has admitted that a hacker did breach site security gaining access to names, addresses, passwords and credit card details of some 24,000 subscribers.

In an "urgent" email alert issued yesterday the Kent-based ISP said it was "aware of this serious breach and [was] working closely with all the concerned parties".

The statement said: "We would like to bring your attention to the recent article in the Sunday Times of 25th June 2000 concerning a breach of our security. Yes, we were aware of this serious breach and are working closely with all the concerned parties."

It continued: "Due to the gravity of this situation we have stepped up all security matters and have taken the additional step of ordering a full security audit by an external group of security consultants who shall ensure on going monitoring and testing on all security matters."

The person behind the hack - which reportedly revealed the personal details of senior executives at the BBC, Shell, Barclaycard and others - said he carried out the attack to publicise the site's security flaws.

Last week, director Kevin Packwood told the Sunday Times that he doubted whether allegations about the security breach were true.

"I would be very surprised if somebody could get that far," he said. "Our security measures should have been able to see it happening and alarms would have sounded."

It's now clear that the Sunday Times story was accurate and that RedHotAnt was unaware of the problem.

The positive thing here is that RedHotAnt has recognised the problem and is dealing with it.

However, there is a real fear among some users that if an ethical hacker slipped in and accessed key details without anyone noticing, then who is to say the site's security wasn't compromised before by more malicious-minded individuals?

RedHotAnt was asked to comment but declined the offer. ®