THis is from a old article on 20th March, 2009 what has been mistranslated to german and put on a website.
As the original article this breach is nothing to do with Shopto.net and we take our security very seriously.
The orignal article is here which you will see has no mention of Shopto.net it is a generic 19k of cards found (22k in total). A defunct payment gateway(This could be Paypal, Protx, Visa, Mastercard and so on..) has exposed as many as 19,000 credit card numbers. You will also see that it includes cards like American Express that we do not even cater for.
We ask people to be assured their has been no breach in our security their just has in this case been a mistranslation from English to German and back again.
As a matter of course today we check as we always do everyday our SSL security and upgrade if and when necessary to do so. We found it prudent today with the alarm what has come out from a misinterpreted German article to just update the SSL as a matter of course automatically.
The original article before mistranslation from 20th March 2009..
http://www.itnews.com.au/News/99250,ausmbers.aspx
Quote:
By Ry Crozier
20 March 2009 03:36PM
A defunct payment gateway has exposed as many as 19,000 credit card numbers, including up to 60 Australian numbers.
The discovery by a local IT industry worker was made by mistake.
Apart from being the result of poor security, it may also have been aided by a side-effect of the Google search engine, in which the pages of defunct web sites containing sensitive directories remain cached and available to anyone.
The cached data, viewed by iTnews, includes 22,000 credit card numbers, including CVVs, expiry dates, names and addresses.
Up to 19,000 of these numbers could be active. Most are customers in the US and Britain although some are Australian.
The credit card numbers are for accounts held with Visa, Mastercard, American Express, Solo, Switch, Delta and Maestro/Cirrus.
Within the address bars of the cached pages are URLs of companies, including UK retailers of laboratory supplies, sports and health goods, apparel, photo imaging and clothing.
"I received a Google Alert for a name," said the worker who discovered the problem, speaking on condition of anonymity to iTnews.
"The alert started with a bunch of other numbers, so I went to the web page and it was just a virtual directory listing with a bunch of directories underneath and a load of files inside."
"It looks like the site might have been a payment processing gateway that handled credit card transactions for a bunch of websites before it went belly-up," the worker speculated.
The worker tried to report the find immediately to Visa and Mastercard, which have the lion's share of card numbers, but said neither returned calls.
iTnews has contacted the credit card providers for comment.
"We're investigating this report as a matter of priority, but it's too early to make any further comment," said a spokesperson for Visa.
The information will be handed to police tonight, the worker said.
THe update on this article on 23rd March 2009
Quote:
23 March 2009 03:25PM
Australians whose credit card details and other personal data have been exposed on the public Internet since Friday are yet to be contacted by their credit card merchants or law enforcement authorities.
As reported on iTnews on Friday, the credit card and contact details of some 19,000 people have been discovered sitting in the cache of a popular search engine.
Within hours of the attack, representatives from both the Australian Federal Police and Visa told iTnews they would be investigating the matter.
As of 3pm today (Monday, March 23, 2009), the details remain available on the public Internet for viewing.
Today iTnews took the opportunity to contact a sample of affected Australian customers.
One couple from Perth, Western Australia, recognised one of the names of the UK apparel e-tailers listed on the site as a place from which they have purchased goods in the past.
The two British ex-pats said they had heard nothing from their bank, credit card company or law enforcement, and went about checking their bank statements for irregularities.
Another affected customer, a young girl from Victoria, said she had heard nothing and expressed some relief that in her case, the credit card in question had recently expired.
Representatives from the Australian Federal Police promise to update iTnews before day's end.
The article then made to other sites on 30th March, 2009 mainly UK (where the German Google link came about mentioning no sites just stressing 19k was stolen)
http://www.pcworld.com/businesscenter/acards.html
Quote:
The credit card details of 19,000 Britans who shopped online were freely and briefly available on Google, it has been revealed.
Anyone using the search engine could have easily accessed not only the name and addresses of thousands of Visa, Mastercard, and American Express card holders, but also the full card details too.
It is thought cybercriminals accidentally made the information live during a bid to sell the credit card details to other online criminals.
According to the banking body APACS, the majority of the cards had already been cancelled but the owners were probably unaware their information was available online.
An APACS spokesman told The Telegraph: "The data was originally posted on an unsecured server in Vietnam used by criminal gangs. The site was closed down in February but the information remained available on a 'cached' version of the page on Google, which stores historical snapshots of Websites even after they are removed."
Google confirmed the information has since been removed.
This has then been mistranslated to German and used on a Google link that 19k of cards got stolen which again we would like to stress is in no way shape or form anything to do with Shopto.net
With regards
Shopto.net
Mode linéaire
