Online credit-card scare an inside job, Starwave says
Two separate but chilling messages were sent to people who purchased items online from ESPNet or the NBA Store this week. The first anonymous E-mail told shoppers they had been the victims of careless security and that their credit-card numbers and addresses were easily available.
The second message, sent by E-mail and regular mail by the World Wide Web sites' host, Starwave Corp., alerted 2,397 online shoppers that their credit-card information might have been misappropriated.
Starwave said the credit-card information was in a secure, encrypted area that was accessed by an intruder who had the proper password information. "This was not done by a hacker," said Jennifer Yazzolino, a Starwave spokeswoman. "They knew how to get in to the system and unlawfully used classified information." The area that the intruder broke in to was an order-processing system that sends shoppers' orders from each site to 1-800-PRO-TEAM, a Florida fulfillment company.
Following the break-in, Starwave called in the FBI and the U.S. Secret Service to investigate. It has also implemented a new encryption process and changed all system passwords. "We think this is a matter of a password either being used directly by someone involved with the system or passed along directly by someone involved in the system," Yazzolino said.
"We relied too much on human integrity."
|