E-commerce sites lose credit-card data to cracker

A computer hacker has breached the security of the SalesGate.com and other sites, stealing credit-card numbers and posting them on the Internet.

"We have confirmed that there was entry to our server by a hacker," said Christopher Keller, founder of SalesGate, which is owned by Internet Management Services. "Not all the accounts were affected. We know which ones were affected and we notified the customers and the issuing bank immediately after (we had) confirmation of the (security breach)."

Keller, who declined to say exactly when the breach occurred, said the company was working with federal authorities. He said more details about the security breach would be released at a future date.

Founded in the fall of 1996, SalesGate offers itself as an online sales site for small and large businesses that protects the user's personal information, according to the company's Web site.

The breach is the work of a cracker who claims to have hit nearly a dozen e-commerce sites, stolen credit-card numbers and posted them on his own Web site, according to Chris Davis, a partner of Tyger Team Consulting, an Ontario-based Web security company.

The cracker, whose Web page was titled "Curador - The Saint Of E-Commerce?," posted some 6,000 credit-card numbers and claimed to have more than 23,000. Among other sites Curador hit, listed on the site, were Feelgoodfalls.com, Promobility.com and Shoppingthailand.com.

The Web site, paid for with a stolen credit card, was shut down this week, Davis said.

"I'm not seeing it, but that doesn't mean he's not still (cracking sites)," Davis said.

Davis said Curador is exploiting security holes in Microsoft software that haven't been fixed and that investigators in Canada, Thailand, the UK and US are pursuing him.

The attack on SalesGate comes in the midst of heightened awareness of online breach of security issues.

In January the Federal Bureau of Investigation launched an investigation into the theft of credit-card numbers from CD Universe.

In addition, the FBI is investigating recent denial-of-service attacks against a number of Internet sites including eBay, Yahoo, Amazon.com, CNN.com, and ETrade Group. And on February 18, the FBI's Web site was hit with its second denial-of-service attack that lasted several hours. The first attack occurred last spring.

Join the newsletter!

Error: Please check your email address.

More about Amazon.comCD UniverseCNNeBayETRADE AustraliaFBIFederal Bureau of InvestigationMicrosoftPromobilitySalesGateWeb SecurityYahoo

Show Comments