Hosting outfit Network Solutions has uncovered an embarrassing security breach which may have compromised more than 4,000 hosted e-commerce websites – and given crackers access to over 570,000 credit card details.
According to V3.co.uk
the admission comes as Network Solutions “identified unauthorised code on servers supporting some of our e-commerce merchants' web sites.
It is believed that the code was used on around 4,343 of the 10,000-some e-commerce sites hosted by the company to transfer transaction information – including credit card details – to an outside agency, resulting in the loss of around 573,928 shoppers' details. It is thought that only sites based in the US were targeted in the attack.
Network Solutions has set up a website
for anyone who suspects they may be a victim – both consumer and merchant – which claims that the company has received “no reports or other reasons to believe that your credit card account information has been misused.
” To help mitigate the risk, however, the company is offering a one-year membership to credit monitoring from TransUnion to those affected – although only if the merchant used chooses to “participate in the program
Merchants affected by the breach have reacted with anger, not helped by the fact that issues with the company's hosting platforms have prevented them from downloading a list of affected customers. According to the company's blog
regarding the incident, Network Solutions customers demanded a change to the notification letter which the company is to send out in order to make it clearer that it is an issue resulting from Network Solutions, not the merchant. For some, even this isn't enough: comments
reveal that merchants are looking to distance themselves from the breach as much as possible.
This isn't the first time crackers have been responsible for a major leak of credit card details, of course: those behind the infamous TJX crack
were charged last year with the theft of 40 million
credit card details. Despite the Network Solutions breach being relatively minor, it still proves that e-commerce is not without its risks.
Have any of our US customers received a letter alerting them to possible theft of credit card details? Should Network Solutions – and the merchants – be doing more to protect those affected by the breach? Share your thoughts over in the forums