The information is only just coming out, but it seems like there has been another massive theft of credit card information from an e-commerce site.
There are a number of troubling parts to this story, and if other e-commerce companies do not learn something from this incident, e-commerce will continue to get more dangerous for users.
It seems as though some hacker or hackers broke into an unnamed e-commerce site in January 1999 and made off with the records of 485,000 credit cards. The theft was discovered only because the perpetrators dumped a copy of the records on a US government Web site, and the copy was discovered during an audit.
I see a number of red flags here. First, why did it take more than a year for the story to break? Keeping this sort of thing secret only protects the people who did it and puts everyone else at risk, particularly other e-commerce sites that may have a similar vulnerability. Tell people so the security holes can get fixed.
Second, the name of the e-commerce site is being kept secret. This puts me at an unknown risk if I were a customer of that site. It also lets the site maintain a false image of competence and safety. At a time in which many surveys show that customers are still very nervous about trusting online sites with credit card information, it seems very counterproductive to hide the event and then, a year later, leak the story. A vendor that lets this type of theft happen should be responsible for all false charges on the stolen cards and the cost everyone incurs from changing their cards. This might just give companies running Web sites another reason for secrecy, but in the long run the secrecy will hurt them badly.
Third, the credit card holders have never been notified that they are at risk. Apparently there is no evidence that the stolen information has led to fraudulent use. But if you don't tell credit card holders that they should look closely at their bills, such unauthorised use may slip through unnoticed if it is relatively small compared to the overall bill. And with information from 485,000 credit cards, one could make out quite well by adding small random charges to many different cards.
But a basic thing I do not understand is why all that information was lying around on a machine that hackers could access. Why aren't these e-commerce sites designed so this information is stored on a secure server, protected by a firewall, with individual records only retrieved when needed by using secure database queries? This may present a slight performance penalty, but that would be better than giving away the store when the next security bug is found in the server software.
The only way this will get fixed is if there is a significant financial threat for poor design and operation. Let's make it so.
Disclaimer: A financial threat for poor design and operation - now there is an idea for Harvard! But the above is my own annoyance.
Bradner is a consultant with Harvard University's University Information Systems. He can be reached at firstname.lastname@example.org.