Our valued sponsor

Another forum got hacked and credit card information stolen.

Safa

Corporate Services
Jan 26, 2009
236
17
18
54
Israel
Register now
You must login or register to view hidden content on this page.
For some days ago another forum got hacked and this time it was one of the major ones, the problem wasn't the forum itself, god, they have still troubles to rebuild it, however, no the trouble is, that all the credit card information from their paying users was STORED on the servers.


It is against PCI regulations to store any credit card information on the server if you are not PCI compliant itself, it don't matter if the hosting company is compliant, no, the company and their servers need to be PCI complian.


So, it looks like who ever is the technical chief for webhostingtalk.com is an idiot.


The recent hack apparently revealed that iNet (the company that owns webhostingtalk.com) was storing unencrypted credit card details, including CVV codes, in their database.... which was just recently hacked... and stolen... and they didn't even know about it until the hacker told them.


The lesson?


Everyone gets hacked. That isn't the question. Yes, I feel bad for iNet being hacked. It's sucky, but really.. that's not the issue nor is it the lesson here.


The lesson...


Don't be an idiot.


1. If you must store credit card details, then encrypt them before storing them. Only an idiot would store their customer's unencrypted credit card details in a database.


2. DO NOT STORE CVV DETAILS. This is against visa/mc regulations, and is even against the law in some countries. CVV codes may not be used for anything except the transaction of the moment. If you store the cvv code anywhere, then you are not only an idiot, but you are very likely to get banned from ever having a merchant account again.
 
Normally we do not allow to post urls to other forums at all, but in this case it is okay, you have a good point here, and shame on this forum to store the CC information and not be secured.
 
Thank you Admin, I thought it was interisting reading for all :)
 
Thank you for sharing the information, nice reading and hell, people should get their servers secured and don't store any credit card information at all.
 
Register now
You must login or register to view hidden content on this page.