CEO Sharon Price John says Build-A-Bear’s old e-commerce system is a big reason for disappointing online sales in December.
Just when polls show consumers growing more comfortable with shopping on the Web, along comes Maxus to bend the trend. The alleged hacker of CDUniverse claims to have stolen as many as 300,000 credit card numbers from the site, the online music subsidiary of entertainment site eUniverse, Wallingford, Conn. Maxus, who says he’s an 18-year-old Russian, then posted some of those numbers on the Web after eUniverse refused to pay $100,000 in ransom.
Richard M. Smith, an independent Internet consultant, says he’s corresponded with Maxus, who told him that he’s broken into several other e-commerce sites and taken credit card numbers to sell on the Internet. Smith says Maxus uses a Canadian e-mail service, along with various other Web services and proxy servers. Hackers who trade credit card numbers on the Web are known as carders.
In response to the break in, eUniverse has hired a tech security firm to review its procedures. It also is working with major credit card companies to limit losses or inconvenience associated with the theft. The FBI is investigating, too.
The break-in has sounded new alarms over the safety of online shopping. In fact, as the news broke, New York-based Cyber Dialogue released a study showing that women are more reluctant than men to shop online for security reasons. Yet even security experts say the theft will do little to slow the momentum of Internet retailing. “Most consumers have a short memory span,” says Elias Levy, chief technology officer at Security Focus, San Mateo, Calif.
CDUniverse likely will bear the brunt, says Ted Julian, founder and vice president of marketing and business development for @Stake, an Internet security firm in Cambridge, Mass. Retailers, he adds, should be more concerned than consumers about hacking. Most card issuers limit consumer liability to $50, he points out, and few collect even that. “But it’s certainly conceivable that CDUniverse might go out of business,” he adds. “That’s where the risk lies.”
Neither Julian or Levy would speculate on how Maxus breached CDUniverse, but they recommend e-retailers segregate data and work more closely with security advisers. “Merchants need to assess their data architecture,” Levy says. “They need to make sure secure information is stored on a separate machine from the Web server.”