I received the following email this morning (appropriately cleansed): >> Dear Simon Gales >> >> I hate to inform you that your account >> has been hacked on webcertificate.com and >> ecount.com. These sites have very weak >> security protection system and the database >> with credit cards and other personal information >> is not protected at all. Your personal details: >> >> 123 Spartacus lane >> Cary IL 23456 US >> >> Your credit card information: >> >> 1111111111111111 >> expiration time: 10/11/12 1:23:45 PM >> >> We offered them our help many times. But top >> management of webcertificate.com and ecount.com >> don't care about their customers - you. They >> care only about their money. >> >> zilterio >> www.zilterio.com >> I've notified privacy@webcertificate.com and VISA, and am awaiting their response. Since they've apparently already been informed (albeit in a questionable manner) and customer information already disclosed, I felt it appropriate to forward this on to BugTraq. Related: http://www.ecommercetimes.com/perl/story/13147.html Administrivia - the FAQ link sent in the WELCOME email after subscribing to BugTraq is incorrect (http://www.securityfocus.com/forums/bugtraq/faq.html) and yields a 404 error. Also, the address for submitting email to the BugTraq mailing list could be made a little clearer in that Welcome email. -Simon
