Massive Porn Buyer Info Leak 251
Anonymous Guy wrote to mention a Wired article that covers the release of information for millions of customers onto the Internet. From the article: "The stolen data, examined by Wired News, includes names, phone numbers, addresses, e-mail addresses and internet IP addresses. Other fields in the compromised databases appear to be logins and passwords, credit-card types and purchase amounts, but credit-card numbers are not included. The breach has broad privacy implications for the victims. Until it was brought low by legal and financial difficulties, iBill was a top credit-card processor for adult entertainment websites."
Weakest Link (Score:4, Interesting)
But they still complain, because their customers and they themselves don't ever notice. Hell at one point I was told by a demanding customer to remove the protections because he said "I'll risk it." I was tempted to show him how insecure he was by remotely accessing his system, getting his list of customer phone numbers, and telling all his customers that he was careless with credit card numbers and their numbers could have easily been stolen from his system.
People are pretty careless about credit card security. It's usually in the name of convenience and visible customer service. Credit card security is invisible service. Being able to purchase something conveniently flies right in the face of having security which just might prevent you from selling something to someone, so some people don't care, as long as they are selling. Owners care once they find out that they'll be issued chargebacks, but individual salesreps will write down every credit card number on a piece of paper if it means making money for them personally.
Visa and Mastercard have the right idea, and in the press release I like how they said that they gave cardsystems a "limited amount of time" to basically get their act together so this doesn't happen again. Education and enforcement of regulations... nice to see an organization, especially one that is a corporation, actually give a damn.
Re:Weakest Link (Score:5, Informative)
Dude, RTFA. They didn't get the credit card numbers. Only personal information like name, phone number, address, email. Not that that's not a big deal, but this isn't a CC number security issue.
Of course, this isn't made clear until way at the end of the article: "Because the information didn't include Social Security, credit-card or driver's-license numbers, no U.S. laws require iBill or the companies for which they provided billing to warn victims."
Re:Weakest Link (Score:4, Interesting)
That plus a few curious slashdotters will probably slow their spam chatter for a few days.
Wired is not credible (Score:3, Funny)
Re:Weakest Link (Score:5, Informative)
My understanding is that most identity theft is still done the old fashion way- with garbage diving etc. When I was in college, I bartended. I could have easily written down every credit card number that was handed to me....
But clearly this is more of a privacy issue. Even if nothing is stolen from me, I would prefer that my name not be associated with porn purchases. But then again, who am I kidding, everyone that meets me just assumes I am into porn. I guess it is my vibe.
Re:Weakest Link (Score:3, Interesting)
Some credit companies have even released the equivilent of a mobile phone top up card for credit cards. You purchace credit, which has a built in expiry date, and simply purchace online before it runs out. The card is reusable.
They are designed primarily for online purchaces, but personally I feel this method will
Re:Weakest Link (Score:5, Funny)
It's because you say things like "I use them all the time for 3 day 1.99 trials".
Re:Weakest Link (Score:2)
Re:Weakest Link-You're fired! (Score:2)
Also, my point about the bar- there was no way, at the bar I worked at, and every bar I have ever worked in, for the customer to watch the bartender swipe the card. Also, not to be an ass, but who is going to follow a waiter, waitress to the bussing station to watch them handle the card?
Re:Weakest Link-You're fired! (Score:2)
Re:Weakest Link-You're fired! (Score:2)
1) You have a bar tab. They ask to hold your credit card while you
and your friends get your fill of cocktails.
This was (and maybe still is) normal practice.
2) When it is time to pay, instead of getting your card back,
they give you another card. You go home drunk and sleep it off.
3) Meanwhile, they give your card to their criminal friends who
go out and spend, spend, spend.
4) After the normal time it takes to detect the lost card, they
re-cycle
Re:Weakest Link-You're fired! (Score:2)
Re:Weakest Link-You're fired! (Score:2)
Re:Weakest Link-You're fired! (Score:2)
Re:Weakest Link-You're fired! (Score:2)
I don't think it was stolen. (Score:5, Interesting)
I also noticed that they're from Deerfield Beach, Florida. Now, something odd about Deerfield Beach is its location [google.com]. It's on the coast of Florida there. That unmarked island on the east side of the map? That would be Grand Bahama. Care to take a guess at what country it lies in?
So my guess is that the company did this legally and by choice. They probably found some bum on the street who didn't ask questions and would like to recieve a paycheck. He's probably also the president of the company with very limited responsibilities and capabilities. They're also probably prepared to give him a briefcase full of $100,000 and a boat to take to Freeport. And also some cute documents for him to sign that might as well say that he shot JFK.
Meanwhile, all the workers and people profiting off the deal claim they had no knowledge.
Re:I don't think it was stolen. (Score:2)
Re:Weakest Link (Score:3, Insightful)
Re:Weakest Link (Score:3, Informative)
Quite Humorous (Score:5, Interesting)
If you care to read more about iBill, you can check out their blog on G Spot [xbiz.com]. I didn't link the blog because it's not about the company; it's about trading buyers across all of its customer sites.
I wonder if this is a case of the company selling anything they could to escape dire financial straights or if it is the case of a disgruntled underpaid employee indulging.
Am I surprised such a shady company had its user's credit card info traded on the black market? Gosh, not really.
Re:Quite Humorous (Score:5, Funny)
Not so Funny.. (Score:2)
Prisons provide cheap work programs to businesses so that they can keep the prisoners busy. Some of these programs involves things like processing credit card orders and doing data entry.
This particular link [ncl.ac.uk] is from 1991, but it was one of the first that popped up in Google. AFAIK, it still goes on in various prisons.
Re:Quite Humorous (Score:2)
Re:Quite Humorous (Score:2)
Time for an Open Porn Movement (Score:5, Funny)
Plus, given the bottoming out production costs, we can easily produce porn of the same quality as closed source porn.
Time for an Open Porn Movement (Score:5, Funny)
Darn that name (Score:3, Informative)
It was a really fun thing trying to explain to the ISP person why they should put in an caching exemption for a site called "freshmeat", and what the actual content of said site was.
That's what I don't get... (Score:4, Informative)
Unless your idea of hotness is overproduced Playboy-style photography with a combination of four different skin textures, three different lighting rigs, and sixteeen different gauze filters, you can get what you want on Usenet without risking your credit history.
Re:That's what I don't get... (Score:2, Interesting)
Re:That's what I don't get... (Score:3, Funny)
Same kind of moron who pays cash for some semi-naked woman to dance in front of him!
I mean, you gotta make a chick work for sex!
Re:Time for an Open Porn Movement (Score:2)
So: zlib Licence if you just want it known that "it really is my arse"; GPL for those who want it all kept out in the open; and BSD only if you're into that sort of thing?
Re:Time for an Open Porn Movement (Score:2)
Re:Time for an Open Porn Movement (Score:2)
Therefore, a BSD license would be very apt for snuff films.
Re:Time for an Open Porn Movement (Score:2)
Re:Time for an Open Porn Movement (Score:2)
Re:Time for an Open Porn Movement (Score:2, Funny)
Argh! Need mental erasor!!!!
"Interesting" headline. (Score:5, Interesting)
Re:"Interesting" headline. (Score:4, Funny)
Is that what furious masturbation sounds like?
In other news... (Score:5, Funny)
Re:In other news... (Score:2)
This could be a blackmail gold mine; "give me $5000 or I tell your wife about your subscription to gayguys.com". Scary.
Oh crap... (Score:5, Funny)
I mean, not that it would matter to me if they did...I'm just curious.
Re:Oh crap... (Score:5, Informative)
No, but they did do credit card processing for sites featuring under-18 models doing "non-nude" work. Within the past couple of weeks, a group of those sites got busted and the FBI has announced intentions to prosecute them for selling child porn even though the models were clothed. (It seems the clothes were too small and/or the poses too racy.) Note that I don't know if any of the recently busted sites were using iBill and the point may already be moot since iBill has been defunct or close to it for a while.
However, according to TFA
I have to figure if logins and passwords are there, then the websites accessible via those logins might also be in the data. If so, I imagine that at this moment a whole bunch of guys are pretty worried.
Re:Oh crap... (Score:2)
Re:Oh crap... or why horses shy away from ... (Score:2)
You know, that's illegal in the state of Washington now.
Seriously, the Governor just signed a bill.
Not that I'm curious, but your governor made curiosity illegal?
No Baby! I swear it wasn't me! (Score:5, Funny)
Whew, that was too close (Score:5, Funny)
Now if they leak the hardon pill database I'm screwed...
Re:Whew, that was too close (Score:2)
Internet IP addresses? (Score:4, Funny)
Well, as long as they didn't get their PIN numbers.
Wait a second... (Score:5, Funny)
Sure, you *can*... (Score:2)
This Could Be Quite Damaging! (Score:3, Funny)
--------
Bill O'Reilly
bill@billoreilly.com
WEBSITES
--------
falafelpron.com
hotfalafels.com
teenfalafel.com
Re:This Could Be Quite Damaging! (Score:2)
Re:This Could Be Quite Damaging! (Score:3, Insightful)
Well thank God I never pay for porn... (Score:5, Funny)
Re:Well thank God I never pay for porn... (Score:2)
If... (Score:3, Interesting)
I suppose it's wishful thinking, though, because everybody wants to be the central financial gateway (Visa, Mastercard, Paypal, etc.) and governments prefer being able to track all transactions (toll booth transponders, bankers reporting all transactions over $10,000, etc.).
Re:If... (Score:2)
Anonymous digital transactons won't be allowed (Score:4, Interesting)
Exactly. You are more likely to see secure computers and honest people than anonymous digital transactions. Governments won't allow it. And no you do not have a US Constitutional right, quite the contrary, the US government has the Constitutional power to create currency, collect taxes, define felonies (say money laundering) and pass enacting legislation, etc.
Where do I buy? (Score:5, Funny)
8 cents a share? Nowhere to go but up! Time to call my broker*.
At the very least, their certificate will look good on the wall, next to the one from Enron. Maybe really good -- or really bad -- depending on which of their subsidiaries did the artwork. According to the Yahoo Finance link, "IBD also owns a library of original cartoon cel art (including He-Man, She-Ra, and Flash Gordon) [and] a 35% stake in Penthouse publisher Penthouse Media Group."
*Disclaimer: I don't have a broker.
Freakin' Sweet (Score:5, Insightful)
Woohoo! Free porn for everyone!
More material for late night talk shows (Score:3, Insightful)
The funny part is when we get to see the "questionable" surfing habits of some famous self-righteous fundy preachers. I love it.
Of course, it wouldn't be so funny if the entire credit card info got released...
Good thing... (Score:2)
BIG DEAL? (Score:2, Insightful)
About the only thing one can do with this information is crank calls and spam.
Big deal.
Still Online? (Score:5, Interesting)
Last month, Sunbelt Software found an additional list of slightly over 1 million individual entries labeled Ibill_1m.txt on a spamming website. That list appeared to date from 2003.
Hmm.
http://www.google.com/search?q=Ibill_1m.txt [google.com] Thaaaat doesn't look good.
Whois data (Score:5, Interesting)
http://www.whois.net/whois.cgi2?d=5sec.us [whois.net]
(sorry, lameness filter is being lame, here's just the basics badly formatted)
Registrant Name Sean Rogers
Registrant Organization Sean Rogers
Registrant Address1 1275 Falkland Rd
Registrant City Jacksonville
Registrant State/Province FL
Registrant Postal Code 32221
Registrant Country United States
Registrant Country Code US
Registrant Phone Number +95.486824101
Registrant Email gsmmax@mail.ru
Yes (Score:2)
Re:Still Online? (Score:2)
Mirror please.
I feel a great disturbance in the Force..... (Score:4, Funny)
Re:I feel a great disturbance in the Force..... (Score:2)
"If I had a girlfriend, she'd kill me!"
Know Your Congress (Score:5, Funny)
You forgot (Score:3, Informative)
Will anyone sue? (Score:2)
different rules for porn watchers (Score:2)
Yeah, because it's porn related. You can bet if this happened to Disney online they'd be maxim publicity.
Re:different rules for porn watchers (Score:2)
Uh... isn't Maxim [maximonline.com] basically soft porn?
Re:different rules for porn watchers (Score:2, Informative)
Maxim would be mild erotica. When the pussy makes it's appearance is where soft porn begins. Even then I would classify that as mild erotica.
What we need (Score:4, Interesting)
Then we'll see swift lawmaking action to clamp down on leaks of personal information by merchants and money-handlers.
Even better (Score:2)
The first thing they'd probably do is hunt down the info-leaking merchants with a vengeance.... but it would also be nice to see how such things fit with their anti-pr0n crusading.
So even those who give a f*ck ... (Score:4, Funny)
From TFA (Score:2)
The 41-year-old San Diego man says he allowed a "business partner" to use his credit card on an adult website dedicated to finding resources in Tijuana's red light district, with discussion groups and locations of prostitutes.
Right... a business partner...
News for Nerds... (Score:5, Funny)
In Unrelated News .... (Score:2)
I'm cool.... (Score:2)
This is also used by the Washington Post (Score:3, Informative)
Re:This is also used by the Washington Post (Score:2, Interesting)
Re:This is also used by the Washington Post (Score:2)
Also stolen credit cards used? (Score:2)
Heres the actual list.... (Score:5, Informative)
http://5sec.us/Ibill_1m.txt [5sec.us]
I don't know why you'd want it, maybe you can use the passwords or something. But there it is anyway.
Re:Heres the actual list.... (Score:3, Informative)
To link from Slashdot to a file nearly a quarter of a gig large is surely meant in jest?
Everyone seems to be forgetting... (Score:5, Informative)
Livejournal, for example, was offering payment through iBill [livejournal.com] during the time covered by the leak (run that link through Archive.org if you care to verify, /. filters the part following the asterisk).
Re:Everyone seems to be forgetting... (Score:3, Funny)
"Each copy must be getting read by several thousand people, if that is the case", said the circulation manager of LiveJournal. "Perhaps we should put our membership list on the web next week
And in the Congress lobby this week, the biggest topic in conversation was "Did you see that article in LiveJournal..? I read it all the time."
The IP information is invaluable (Score:2)
I sure hope someone posts the list. They should put up a site where you can type in an IP and get a name and address. VERY, VERY useful in cases where you're getting spam from zombied PCs or someon
Re:The IP information is invaluable (Score:2, Informative)
Well, that explains why I'm getting more spam... (Score:3, Informative)
I figured my email addresses had been sold by one of those sleazebag payment processors. Turns out they aren't evil, they're just STUPID.
Re:Well, that explains why I'm getting more spam.. (Score:2)
In my case, every piece of information in the database entry is wrong (according to the email I found from the original purchase), since I've moved four time since I bought the account.
Hmmph. I'm in the same boat as you. This sucks.
IP adresses? (Score:5, Funny)
So it included the internet internet protocol addresses? I keep my internet IP address next to my PIN number at the ATM machine.
Porn Leak (Score:4, Funny)
Re:HAH (Score:2, Funny)
Re:HAH (Score:2)
Re:Gullible morons (Score:4, Funny)
They might take you upon that offer for their new Computer Geeks Gone Wild series.
Re:IP Addresses, huh? I have this friend... (Score:2)
Whaa? You have to pay for it?