Started work at 9:30am this morning and saw Ross’ Twitter status:
Wasn’t their database compromised, offsite backup erased, and hashed passwords stolen about two weeks ago? So I headed to WebHostingTalk, and got iNET’s web page instead, with status updates. It’s not looking good.
What data was compromised?
At this point, we know that the hacker compromised and has publicly posted credit card information from our self-service billing system currently used for sticky posts (located at http://myinet.inetinteractive.com). This system was also used for display (banner) advertising prior to December 2007.
You’ll get a lot more discussion on this matter from other web hosting related forums. Some have been able to download the entire credit card table with name, card number, CCV number, etc. attached. Some have claimed that some numbers have already been used in China. With hashed passwords stolen, it’s already quite possible to run a dictionary attack on those foolish enough to reuse passwords across multiple sites (LxLabs’ billing system got compromised, for example). With subscribers’ CC details stolen — it must suck to be iNET right now.