Ecount Rebuffs Hacker's Threat to Expose Customer Information

Share this content:
Online payment firm Ecount thwarted a hacker's threat that he would publicize customer information unless the firm paid him an unspecified amount of money.

The hacker accessed accounts from Ecount's servers last month, apparently believing the accounts contained credit card information. Of about 750,000 members, 25 accounts were accessed.

Instead, the accounts likely contained only customers' e-mail addresses, Webcertificate numbers and possibly passwords, said Matt Gillin, CEO of Ecount.

Ecount, Conshohocken, PA, operates and Both sites offer online payment services via MasterCard-branded stored value cards. The services let consumers make online purchases without exposing their credit card numbers or other financial information.

Though Ecount executives could only confirm that 25 accounts were accessed, they issued new account numbers and passwords to all members and blocked former numbers.

"You're receiving this new account number as a security precaution because we have reason to believe that some Webcertificate account information may have been inappropriately accessed," an e-mail to Ecount and Webcertificate customers read. "Before making these changes, we evaluated your transaction history and confirmed that your account has been used properly and only by you."

Ecount customer services also phoned some customers who could not be reached by e-mail with the new account information.

Gillin does not know exactly what customer information the hacker obtained. However, he said the extortion attempt failed because the hacker did not obtain credit card information and, rather than give in to his demands, Ecount executives immediately contacted the FBI. The hacker did not specify how much money he wanted in exchange for not publicizing the customer information, or how he would publicize it.

"Basically, he failed because we never have, nor will, store credit card numbers," Gillin said.

Credit card data is likely the information the hacker thought he had, Gillin said. Webcertificate numbers look similar to credit card numbers, he added.

Ecount also brought in experts from Ernst & Young's Fraud & Security Unit to help identify weaknesses in its servers. Ecount has since added security features to its servers, which Gillin declined to detail, to "make sure this can't happen again."

Gillin does not think Ecount will lose customers over the hack.

"We never considered keeping it quiet, and so far, our customers have expressed appreciation ... for us being very forward and upfront," he said. "My sense is that they viewed it as a clear indication that their trust and security is our top priority."

"The reality is, next time you logged onto your Webcertificate, you would have seen a new number there and would never be the wiser, but we wanted to make sure we were very proactive in our communication," he added.

Gillin is using the foiled extortion attempt to generate positive PR for Ecount's online payment system.

"This attack is a perfect example of why consumers concerned with credit card theft over the Internet should seriously consider using Ecount payment products," he said in a statement from the company.

Meanwhile, the FBI continues to investigate the incident. Ecount was not a specific target of the hacker, who is likely part of a group of sophisticated hackers that attempts credit card theft daily, Gillin said.

Sign up to our newsletters

Company of the Week

Since 1985, Melissa has helped thousands of companies clean, correct and complete contact data to better target and communicate with their customers. We offer a full spectrum of data quality solutions, including global address, phone, email, and name validation, identify verification - available for batch or real-time processes, in the Cloud or on-premise. Our service bureau provides dedupe, email/phone append and geographic/demographic append services for better targeting and insight. For direct mailers, Melissa offers easy-to-use address management/postal software, list hygiene services and 100s of specialty mailing lists - all with competitive pricing and excellent customer service.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above