Feeds

Amazon division hacked, thousands of CCs exposed

Door wide open for 4 months

  • alert
  • submit to reddit

Top three mobile application threats

Intruders found their way into Amazon division Bibliofind, which hooks up buyers and sellers of rare or out-of-print books, and maintained convenient access to a database of 98,000 customer accounts for about four months.

The intruders are believed to have downloaded the company's customer records, including credit card details, names and addresses, though the company denies that any of the credit cards have since been used fraudulently.

Incredibly, the company remained blithely ignorant of its problem, which began in October and continued until some time last week when its admins finally gained consciousness and discovered it. Apparently, the site was defaced not long ago, and this event triggered a much-needed peek at the server logs.

Bibliofind closed its Web site on Friday as a precaution against getting rooted again while it tries to shore up its defences.

"We are working to bring the Bibliofind service back into operation shortly. We apologize for any inconvenience this may cause you," the company said brightly in an e-mail memo to its customers.

It is not known whether the person who defaced the site, and consequently inspired the company to observe that its arse was exposed to the known universe, has been rewarded for his or her crucial contribution to Bibliofind's future security. ®

Story Update

Amazon, despite denials, was warned about hack

Combat fraud and increase customer satisfaction

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.