[22836] in bugtraq
Re: INCIDENT: WebCertificate.com hacked
daemon@ATHENA.MIT.EDU (Brett Glass)
Thu Oct 11 16:19:13 2001
Message-Id: <4.3.2.7.2.20011011112013.04cb2f00@localhost>
Date: Thu, 11 Oct 2001 11:23:15 -0600
To: "Simon Gales" <simongales@home.com>, <bugtraq@securityfocus.com>
From: Brett Glass <brett@lariat.org>
Cc: <aleph1@securityfocus.com>
In-Reply-To: <000701c15254$4fc36320$010110ac@sgales>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
At 06:57 AM 10/11/2001, Simon Gales wrote:
>I received the following email this morning (appropriately cleansed):
>
>[SNIP]
>
>I've notified privacy@webcertificate.com and VISA, and am awaiting their
>response.
FYI:
The number that is claimed to be a "credit card" number in these
malicious e-mails is not one. It's the serial number of a
"Webcertificate." There is therefore no reason to notify your
credit card issuer. The vendor knows which numbers were
compromised and has invalidated them already, so there is no
risk of theft. Users will receive new certificate numbers and
will not lose credt from their accounts.
--Brett
