Hack on e-commerce co. exposes records for 200, 000

[security curmudgeon <jericho () attrition org>]

(This article appears to have more info)

http://www.theregister.co.uk/2010/06/04/digital_river_hack/

Hack on e-commerce co. exposes records for 200,000
'Highly unusual search command'
By Dan Goodin in San Francisco
Posted in Security, 4th June 2010 23:33 GMT

E-commerce company Digital River exposed data belonging to almost 200,000 
individuals after hackers executed a .highly unusual search command. 
against its secured servers, according to a news report.

The breach came to light only after a 19-year-old New York man allegedly 
tried to sell the purloined data for as much as $500,000, The Minneapolis 
Star-Tribune reported Friday. After Eric Porat made repeated attempts to 
persuade a company called Media Breakaway to buy the information, company 
officials alerted their counterparts at Digital River, the paper reported, 
citing court documents. A federal grand jury is investigating the matter 
with help from the FBI.

The data contained names, email addresses, websites, and unique 
user-identification numbers for 198,398 individuals. It was originally 
gathered by affiliated marketing companies using software offered by 
Digital Rivers subsidiary Direct Response Technologies and stored on 
password-protected servers.

It was stolen in late January using a .highly unusual. search command. The 
report didn't elaborate.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php