Playboy says hacker stole customer info

[InfoSec News <isn () c4i org>]

Forwarded by: Justin Lundy <jbl () subterrain net>

http://news.cnet.com/news/0-1007-200-7932825.html?tag=mn_hd

By Greg Sandoval and Robert Lemos
Staff Writers, CNET News.com 
November 20, 2001, 11:50 a.m. PT 

Playboy.com has alerted customers that an intruder broke into its Web
site and obtained some customer information, including credit card
numbers.

The online unit of the nearly 50-year-old men's magazine said in an
e-mail to customers that it believed a hacker accessed "a portion" of
Playboy.com's computer systems. In the e-mail, a copy of which was
reviewed by CNET News.com, Playboy.com President Larry Lux did not
disclose how many customers might have been affected.

Playboy.com encouraged customers to contact their credit card
companies to check for unauthorized charges. New York-based
Playboy.com also said it reported the incident to law enforcement
officials and hired a security expert to audit its computer systems
and analyze the incident.

"Unfortunately, Playboy is only one of a number of high-profile
companies who have been subjected to this kind of malicious hacking,"
Lux said in the e-mail.

Lux is right. Fraud continues to plague online stores, as much as or
more than it does stores in the brick-and-mortar world. Web thieves
who hack into Web stores to pilfer credit card numbers and then go on
shopping sprees have led banks in some cases to charge higher fees to
service credit card transactions on the Web.

The number of hacking incidents also undermines the public's trust in
e-commerce, analysts have said.

Playboy.com learned of the breach after a person claiming access to
its systems and customer information began e-mailing customers Sunday
night. Although Playboy.com did not say when the intruder first got
into the site, the hacker in the e-mail claimed to have had access
since 1998.

Five Playboy.com customers told CNET News.com that they saw the e-mail
after logging in Monday morning. All five said the message included
their credit card information and expiration date.

Ernie Brooks, who bought a wedding gift from Playboy.com's Web store
three months ago, said he thought the e-mail was a joke--until he got
to the part telling him his "personal details" were below. Indeed,
there was his credit card number and expiration date.

Stunned, Brooks said he called his bank to cancel the card. "Nobody
charged anything on it, but I'm going on vacation on Wednesday and now
I don't have a credit card," he said.

Another who received the e-mail--a graduate student who bought some
items on the site for his wife over a year ago--said he has always
worried about Internet security and whether his credit card
information is safe.

"I do most of my shopping online, so it's a big concern," he said. "It
will be some time before I trust Playboy again."

Playboy.com's e-mail to customers included a number to call for
further information: 800-993-6339.




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.