WebHostingTalk (WHT) is down; full db released by hackers

[SenseiSteve]

Looks like the saga continues. This morning WHT showed down for maintenance and iNET is also down.

 

[NN-Tyler]

There's been rumors that they have been hacked again, but don't take my word.

 

[NN-Tyler]

I no longer have the interest in WHT I once did because of this whole thing. Guess that's the case with many of us, and a good thing for HD.

Indeed! HD could really take off, esp if WHT got hacked again.

 

[NN-Tyler]

http://search.twitter.com/search?q=webhostingtalk

 

[ayksolutions]

WHT has been down since about 2am or so today (4/7/09) because apparently the hackers that took the db down a few days ago actually managed to grab "all" of the client data, including the credit card details on file. So, if you used a CC to buy any advertising through them and such, make sure to cancel those cards.

 

[SenseiSteve]

Just read through a bunch of twitter posts, so this is very serious

 

[AH-Nick]

Let's hope this gets taken care of and to anybody who may have information exposed my condolences.

 

[Artashes]

Oh my God... I have no words... What the hell do people do now? I assume if Private Messaging information was grabbed, how many members of that forum had sensitive information and conversations?

How did you hear about it, Artyom?

 

[ldcdc]

The official message as it is now on WHT's site:

This morning, the hacker who attacked WHT initiated further communication. He provided evidence that credit card information on one of our database servers was, in fact, compromised on March 21st.

What data was compromised?
At this point, we know that the hacker compromised and has publicly posted credit card information from our self-service billing system currently used for sticky posts (located at http://myinet.inetinteractive.com). This system was also used for display (banner) advertising in prior to December 2007.

What about premium and corporate members? Or display advertisers?
If you've purchased a premium or corporate membership or you are a display (banner ad) advertiser from December 2007 or later, your data is safe. These products run on a newer billing platform that does not store credit card information.

What is WHT and iNET Interactive doing about it?
If we have evidence or suspicion that your credit card information was leaked, you will be receiving further communication from WHT and iNET Interactive.

Why is WHT down and when do we expect it to be back up?
We're currently doing a full security sweep of our cluster to ensure the servers are secure. The site will be back up once this security review is complete.

 

[Artashes]

Indeed! HD could really take off, esp if WHT got hacked again.

WHT has a very well promoted name with tons of backlinks and thousands of members that will be popping right back, so I think it won't take a lot for them to rebuild itself into the busiest place again. Of course its great to have a more balanced media and competition is great for the industry, but its just not as easy as it seems.

http://search.twitter.com/search?q=webhostingtalk

Sorry guys, but are these rumors or official commentaries from iNet? I just don't really know how trustworthy Twitter is in regard to informational credibility. :rolleyes2

I am just starting to learn more details about this event.

 

[SenseiSteve]

Update on WHT

From iNET - the latest status posted on their site

This morning, the hacker who attacked WHT initiated further communication. He provided evidence that credit card information on one of our database servers was, in fact, compromised on March 21st.

What data was compromised?
At this point, we know that the hacker compromised and has publicly posted credit card information from our self-service billing system currently used for sticky posts (located at http://myinet.inetinteractive.com). This system was also used for display (banner) advertising in prior to December 2007.

What about premium and corporate members? Or display advertisers?
If you've purchased a premium or corporate membership or you are a display (banner ad) advertiser from December 2007 or later, your data is safe. These products run on a newer billing platform that does not store credit card information.

What is WHT and iNET Interactive doing about it?
If we have evidence or suspicion that your credit card information was leaked, you will be receiving further communication from WHT and iNET Interactive.

Why is WHT down and when do we expect it to be back up?
We're currently doing a full security sweep of our cluster to ensure the servers are secure. The site will be back up once this security review is complete.

 

[Artashes]

Dan, thanks for the quick update on this incident. I edited your quote for formatting purposes - so its easier to read, I hope you don't mind.

Has there been an apology from iNet yet for inconvenience? Or at least a note saying they regret this happened. Sorry I wasn't following the event as closely. :dknow:

 

[gearworx]

That's just about the scariest thing I have seen so far considering that we have been a member since 2003 and that we've had credit card numbers with them...

 

[gearworx]

Dan, thanks for the quick update on this incident. I edited your quote for formatting purposes - so its easier to read, I hope you don't mind.

Has there been an apology from iNet yet for inconvenience? Or at least a note saying they regret this happened. Sorry I wasn't following the event as closely. :dknow:

Let's wait and see. They're trying to avoid the admittance to fault since there is a potential for legal recourse.

 

[Artashes]

Two threads about the same event merged.

 

[UnderHost]

Hi, this is a copy of my thread posted on DP and WHT forums (WHT forums goes down after i made a support ticket to INeT)

Hi,

WHT are now down for maintenance since i post this thread on WHT also.

The hacker of WHT, have send a part of the database of webhostingtalk on rapidshare and many others site, i think.

anyway i get a copy of this table DB part.

And this is really horrible, WHT can be suitable in court for this, these personal information are (CreditCard) not coded, db part have 1454 users cc numbers from WHT db table called "creditcard" for premium members.


This is a small copy ( i have changed the line credit card info ) its surely a big problem on the WHT arms for the moments.

# Dumped by NEGRO SHELL.
# Home page: http://negro.com
#
# Host settings:
# MySQL version: (4.0.27-standard-log) running on 69.20.126.7 (www.webhostingtalk.com)
# Date: ##/##/####
# DB: "ioms"
#---------------------------------------------------------
DROP TABLE IF EXISTS `creditcard`;
CREATE TABLE `creditcard` (
`card_id` int(11) NOT NULL auto_increment,
`account_id` int(11) NOT NULL default '0',
`address_id` int(11) NOT NULL default '0',
`cardnumber` bigint(20) NOT NULL default '0',
`expdate` varchar(10) NOT NULL default '',
`cardcode` varchar(5) NOT NULL default '0',
`issueingbank` varchar(50) NOT NULL default '',
`nameoncard` varchar(50) NOT NULL default '',
`status` enum('valid','removed','modified','fraud','chargeback','other') NOT NULL default 'valid',
`friendlyname` varchar(100) NOT NULL default '',
`admin_note_id` int(11) NOT NULL default '0',
`customer_note_id` int(11) NOT NULL default '0',
`creation_timestamp` bigint(20) NOT NULL default '0',
`creation_session_id` int(11) NOT NULL default '0',
`modify_timestamp` bigint(20) NOT NULL default '0',
`modify_session_id` int(11) NOT NULL default '0',
`removal_timestamp` bigint(20) NOT NULL default '0',
`removal_session_id` int(11) NOT NULL default '0',
PRIMARY KEY (`card_id`),
KEY `account_id` (`account_id`,`address_id`,`cardnumber`)
) TYPE=MyISAM PACK_KEYS=0;

('1', '31', '3', '551061035543668', '7/2012', '143', 'Compass Bank', 'Max M Oneil', 'valid', 'Compass Bank', '0', '0', '1074282270', '144', '0', '0', '0', '0');

if you have premium or only account WHT, check your password and bank billing.

i am also able to find my users in the database.... just need the salt files and i got my password.. from the hash..

 

[UnderHost]

Update from INET:

UPDATE: 4:24pm est 04/07/09

We have contacted all major credit card companies and are awaiting their guidance. It should be noted that card holders will not be held liable for any fraudulent purchase made using their credit card.

UPDATE: 4:34pm est 04/07/09

It has been brought to our attention that any WHT Premium memberships purchased PRIOR to 2006 would be included in the exploited credit card details.

 

[JLondon]

This is definitely not a fun issue to deal with. I'm glad to see that they have a professional method of handling this, if they didn't the results could be disastrous. There have been a lot of popular forums hacked recently, so WHT is not the only victim out there to see this happen. Let's hope that they start getting cracked down on.

 

[Artashes]

i am also able to find my users in the database.... just need the salt files and i got my password.. from the hash..

Are you saying that passwords are that easily readable?? I always was under the impression that an application like vBulletin would use good encryption code to protect passwords? :uhh:

 

[ldcdc]

Sorry I wasn't following the event as closely.

I followed it closely enough I think, but can't recall if apologies were issued. It wasn't something I was paying special attention to, personally. I was much more interested in stuff like when WHT would get back its missing data for example.