Web Hosting Talk payment system hack revealed

By on
Web Hosting Talk payment system hack revealed

A hacker has dumped active credit card numbers of users of the popular Web Hosting Talk forums online less than 24 hours after the site restored the lion’s share of data deleted in an initial breach.

The latest development is said to have occurred on an old payment system containing 9,561 credit card numbers.

The forum's operators, iNET Interactive, said "current research indicates that that data breach encompassed 318 valid credit card numbers with CCV codes and about 1,900 expired credit card numbers with CCV code".

However, "we are still assessing how many of the 9,561 potentially exposed credit card numbers are valid," administrators said.

Names and expiry dates for the cards are also thought to have been included in the dump.

The credit card hack caps off a torrid three weeks for the forum, which is a regular place of discussion for hosters globally.

The Australian hosting community also participates via its local operation, Webhostingtalk.com.au.

Several participants have been contacted for comment by iTnews, however it is unknown how the breach impacted the local site.

At least one local user has taken the precautionary measure of cancelling their credit card, according to a thread on Whirlpool.

The WHT forum was first compromised on March 21 by a lone hacker that deleted data from operational systems and all offsite backups.

It was restored to an October 2008 version before the site announced Tuesday Australian time that 75 per cent of data, including people's profiles, had been re-instated.

But less than 24 hours later, the hacker re-contacted administrators claiming they had also breached a payment system at the time of the original attack.

The admission is an embarrassment for iNET, which had earlier stated that no credit card data had been compromised.

The latest breach is understood to affect a range of payments prior to December 2007, including premium memberships.

It does not affect customers who paid using other gateways such as Paypal.

"At one point, this system handled all billing related to Web Hosting Talk - display advertising, premium memberships and sticky posts," administrators said.

"We transitioned premium memberships to an updated system in early 2006, and we transitioned display advertising to an updated system in December 2007."

But the system is still used for sales of self-service sticky posts, the administrators said.

Web Hosting Talk has apologised to the community.

"First, we regret the impact this situation [the March breach] continues to have on the WHT community," administrators said.

"We are responsible for maintaining security and privacy, and we take that responsibility very seriously."

The breach comes after an Australian IT worker uncovered a major dump of 19,000 active credit card numbers last month.

Got a news tip for our journalists? Share it with us anonymously here.

Most Read Articles

Log In

  |  Forgot your password?