December 26, 2000, 9:55 AM

The hack heard `round the Web

Don Davis

Editor in Chief

Just when polls show consumers growing more comfortable with shopping on the Web, along comes Maxus to bend the trend. The alleged hacker of CDUniverse claims to have stolen as many as 300,000 credit card numbers from the site, the online music subsidiary of entertainment site eUniverse, Wallingford, Conn. Maxus, who says he’s an 18-year-old Russian, then posted some of those numbers on the Web after eUniverse refused to pay $100,000 in ransom.

Richard M. Smith, an independent Internet consultant, says he’s corresponded with Maxus, who told him that he’s broken into several other e-commerce sites and taken credit card numbers to sell on the Internet. Smith says Maxus uses a Canadian e-mail service, along with various other Web services and proxy servers. Hackers who trade credit card numbers on the Web are known as carders.

In response to the break in, eUniverse has hired a tech security firm to review its procedures. It also is working with major credit card companies to limit losses or inconvenience associated with the theft. The FBI is investigating, too.

The break-in has sounded new alarms over the safety of online shopping. In fact, as the news broke, New York-based Cyber Dialogue released a study showing that women are more reluctant than men to shop online for security reasons. Yet even security experts say the theft will do little to slow the momentum of Internet retailing. “Most consumers have a short memory span,” says Elias Levy, chief technology officer at Security Focus, San Mateo, Calif.

CDUniverse likely will bear the brunt, says Ted Julian, founder and vice president of marketing and business development for @Stake, an Internet security firm in Cambridge, Mass. Retailers, he adds, should be more concerned than consumers about hacking. Most card issuers limit consumer liability to $50, he points out, and few collect even that. “But it’s certainly conceivable that CDUniverse might go out of business,” he adds. “That’s where the risk lies.”

Neither Julian or Levy would speculate on how Maxus breached CDUniverse, but they recommend e-retailers segregate data and work more closely with security advisers. “Merchants need to assess their data architecture,” Levy says. “They need to make sure secure information is stored on a separate machine from the Web server.”


Sign In to Make a Comment

Comments are moderated by Internet Retailer and can be removed.

Not a member? Signup for free today!




Relevant Commentary


Jason Squardo / Mobile Commerce

Five tips for achieving high mobile search rankings

Searches on mobile devices will soon exceed those on computers, Google says. Retailers that keep ...


Sergio Pereira / B2B E-Commerce

Quill turns to its B2B customers for new ideas

Coming in April is a new section of that will let customers and Quill ...