Slashdot Mirror

← Back to Stories (view on slashdot.org)

Network Solutions Suffers Massive Data Breach

Posted by Soulskill on from the is-there-a-prescription-for-that dept.

dasButcher writes "Network Solutions, the domain registration and hosting service company, suffered a massive security breach that lasted three months and exposed tens of thousands of credit card numbers of its customers and of the businesses that use its hosting and online payment processing service. The company is just beginning the victim notification process. 'There is no information on how the code was planted on the sites. While examination of the code shows that it had the ability to ship data off to a third party, and Network Solutions believes that it did just that, the exact code is not available for public review. There is also no public information as to where the data believed to be stolen was sent.'"

6 of 70 comments (clear)

  1. Why hold this data? by Anonymous Coward · · Score: 4, Insightful

    Why.. I mean WHY?

    Why hold this data, are they all retarded? Its not their data to hold..once you send the transaction to visa and it is accepted, this information should be PURGED. Period.

    1. Re:Why hold this data? by Xelios · · Score: 3, Insightful

      Because data is valuable, and most companies wouldn't delete anything without being forced to. I keep telling myself that maybe breaches like this will convince other companies to purge this kind of data when it's no longer needed, but so far it seems that greed still has the upper hand here. Can't say I'm surprised though.

      --
      Murphey's fighting Occam, and we're in the stands.
    2. Re:Why hold this data? by burkmat · · Score: 2, Insightful

      Who says they hold the data?
      Both the summary and the first paragraph of TFA suggests the malicious code simply intercepted the data that passed the infected servers these past 3 months.

      I guess /. is moving from not reading TFA, to not reading TF summary, to simply commenting on headlines...

  2. Released/posted at 7pm on a Friday? by xxxJonBoyxxx · · Score: 5, Insightful

    Released/posted after close of business on a Friday? I'd say this is part of a coordinated effort to say as little as possible about this.

    BTW, a better/original story link is here:
    http://voices.washingtonpost.com/securityfix/

  3. Re:Big companies by ScrewMaster · · Score: 4, Insightful

    This is exactly why you dont go with the *HUGE* companies. Theres a huge possibility that someone somewhere will target it and get around their security. It just takes one hack and all customers are affected. Security by obscurity is not always such a bad idea; go with the small ones who also can do their shit, and aren't such a big target.

    Small registrars can suck just as much as the big ones. All you can do is go by reputation: unfortunately, by the time a company has gotten popular enough to gain a good reputation, it probably has begun to start thinking more about money than quality.

    --
    The higher the technology, the sharper that two-edged sword.
  4. storing credit card information on the InterTUBES by viralMeme · · Score: 4, Insightful

    "After conducting an analysis with the assistance of outside experts, we determined that the unauthorized code may have been used to transfer data on certain transactions on approximately 4,343 of our more than 10,000 merchant websites to servers outside the company. On July 13, 2009, we were informed by our outside forensic experts that the data being transferred may have included credit card information "

    At this stage of the game, what are these supreme innovators doing storing raw credit card numbers on a publicly accessible web server. And what's even more incredulous is that no one noticed. Where are all these magic intrusion detection systems. I mean the average ISP has more security in place. Have they been, like Rip Van Winkle, asleep for the past twenty years ..