Feeds

Network Solutions breach exposed 500k card accounts

The case of the 3-month hack

SANS - Survey on application security programs

A breach at Network Solutions has exposed details for more than 500,000 credit and debit cards after hackers penetrated a system it used to deliver e-commerce services and planted software that diverted transactions to a rogue server, the hosting company said late Friday.

The unauthorized software was in place from March 12 to June 8 and affected transactions Network Solutions processed on behalf of 4,343 merchant websites that mostly belonged to small businesses, spokeswoman Susan Wade said. While the company discovered the software in early June, it waited until the close of business Friday to disclose the breach. Wade said it took until July 13 for forensics investigators to crack the code and understand how it worked.

"We have been working around the clock to get this announcement ready," she told The Register. "We're really making an effort to be forthcoming. This is really tough on our customers that were impacted, and we feel very badly."

Network Solutions is working with undisclosed law enforcement agencies to figure out who is responsible for the breach and how it happened. In all details for 573,928 card holders may have been siphoned in the attack, which affected different merchant websites at different times over the three-month period that the rogue software was in place.

So far, there are no indications that any of the exposed cards have been misused.

Network Solutions has offered to foot the bill for notifying affected cardholders so those costs don't have to be born by the merchants who used the company's e-commerce service. In Most US states, laws require such notices to be made when breaches are discovered that expose credit card information.

The company is also making 12 months of fraud-monitoring services available free of charge to cardholders whose information was exposed. Affected merchants and cardholders can enroll by visiting this site, which walks them through the process. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.