Hackers broke into several merchant sites that use a type of shopping cart software, leading to consumer credit card breaches.
Some merchants using PDG Software's shopping cart program were subject to an attack by “an unknown group of hackers” in early April, said David Snyder, president of PDG in Atlanta.
After he discovered that credit card information had been breached, Snyder turned the information over to the FBI. He declined to give many details of the case, pending the agency's investigation. The FBI would not name the merchants affected.
PDG notified its 4,000 merchant customers about the problem and advised them to download the patch for the software, available on its site. The National Infrastructure Protection Center, a government agency within the FBI, advised merchants to get the patch immediately.
“The NIPC is aware that the vulnerability has already resulted in compromise and theft of important information, including customer data,” the agency said.
This is PDG's first case of “malicious hacking,” Snyder said, and he does not believe it is a software flaw. “It was no fault of PDG. We thoroughly test our software,” he said.
In a similar incident, a hacker boasted to MSNBC in late March that he stole account names, passwords and credit card information from 46,000 clients of Web hosting company ADDR.com. MSNBC confirmed that some of the customers had found fraudulent orders on their credit cards. Experthosting.com, a competing Web hosting firm, e-mailed the MSNBC article to ADDR customers and urged them to switch companies.
The credit card breaches are just the latest in a series of security hacks causing concern among online retailers and government agencies.
In early April, the FBI said Russian and Ukrainian hackers have stolen more than 1 million credit card numbers from 40 American e-businesses in recent months. The hackers threaten to post the customer data on the Web unless the firms hire hackers to secure their sites. Companies using Windows NT and some Unix systems were particularly vulnerable.
On April 5, the House Subcommittee on Oversight and Investigations released a report showing that hackers gained control of 155 government computer systems in 2000. The Commerce Department found more than 5,000 security holes in its systems. The report also cited 124 weaknesses on government and contractor computers at the Health Care Financing Administration, which controls Medicare. Investigators are still trying to determine whether data have been stolen or changed.
Warner Bros. said a hacker stole an e-mail newsletter mailing list for one of its TV shows from its site in early April. The hacker sent the list subscribers an e-mail for a multilevel marketing scheme.
Bibliofind.com recently told customers that their credit card data were exposed to hack attacks over a period of four months.
And, thanks to flaws in shopping cart software, shoppers have been able to enter multiple coupon codes and receive deeply discounted products at iGo.com, Macys.com and other sites.