Ecount Rebuffs Hacker's Threat to Expose Customer Information

Share this article:
Online payment firm Ecount thwarted a hacker's threat that he would publicize customer information unless the firm paid him an unspecified amount of money.


The hacker accessed Webcertificate.com accounts from Ecount's servers last month, apparently believing the accounts contained credit card information. Of about 750,000 members, 25 accounts were accessed.


Instead, the accounts likely contained only customers' e-mail addresses, Webcertificate numbers and possibly passwords, said Matt Gillin, CEO of Ecount.


Ecount, Conshohocken, PA, operates Ecount.com and Webcertificate.com. Both sites offer online payment services via MasterCard-branded stored value cards. The services let consumers make online purchases without exposing their credit card numbers or other financial information.


Though Ecount executives could only confirm that 25 accounts were accessed, they issued new account numbers and passwords to all members and blocked former numbers.


"You're receiving this new account number as a security precaution because we have reason to believe that some Webcertificate account information may have been inappropriately accessed," an e-mail to Ecount and Webcertificate customers read. "Before making these changes, we evaluated your transaction history and confirmed that your account has been used properly and only by you."


Ecount customer services also phoned some customers who could not be reached by e-mail with the new account information.


Gillin does not know exactly what customer information the hacker obtained. However, he said the extortion attempt failed because the hacker did not obtain credit card information and, rather than give in to his demands, Ecount executives immediately contacted the FBI. The hacker did not specify how much money he wanted in exchange for not publicizing the customer information, or how he would publicize it.


"Basically, he failed because we never have, nor will, store credit card numbers," Gillin said.


Credit card data is likely the information the hacker thought he had, Gillin said. Webcertificate numbers look similar to credit card numbers, he added.


Ecount also brought in experts from Ernst & Young's Fraud & Security Unit to help identify weaknesses in its servers. Ecount has since added security features to its servers, which Gillin declined to detail, to "make sure this can't happen again."


Gillin does not think Ecount will lose customers over the hack.


"We never considered keeping it quiet, and so far, our customers have expressed appreciation ... for us being very forward and upfront," he said. "My sense is that they viewed it as a clear indication that their trust and security is our top priority."


"The reality is, next time you logged onto your Webcertificate, you would have seen a new number there and would never be the wiser, but we wanted to make sure we were very proactive in our communication," he added.


Gillin is using the foiled extortion attempt to generate positive PR for Ecount's online payment system.


"This attack is a perfect example of why consumers concerned with credit card theft over the Internet should seriously consider using Ecount payment products," he said in a statement from the company.


Meanwhile, the FBI continues to investigate the incident. Ecount was not a specific target of the hacker, who is likely part of a group of sophisticated hackers that attempts credit card theft daily, Gillin said.


Share this article:

Sign up to our newsletters

Follow us on Twitter @dmnews

Latest Jobs:

More in News

Linda Woolley Steps Down as DMA Chief

Linda Woolley Steps Down as DMA Chief

The Direct Marketing Association board of directors names Benton and Berzan as interim replacements in her roles as CEO and president.

News Byte: Comcast Expanding Global Ad Delivery Through Partnership

News Byte: Comcast Expanding Global Ad Delivery Through ...

Through a partnership with Adstream , Comcast's AdDelivery Service expands its footprint across the globe.

40 Under 40 2014: Nominations Are Now Open!

40 Under 40 2014: Nominations Are Now Open!

It's time to nominate the 2014 crop of young marketing luminaries for Direct Marketing News's 40 Under 40 Awards. The deadline is Friday, June 6, 2014.