Re: INCIDENT: WebCertificate.com hacked

From: Brett Glass (brett@lariat.org)
Date: 10/11/01


Message-Id: <4.3.2.7.2.20011011112013.04cb2f00@localhost>
Date: Thu, 11 Oct 2001 11:23:15 -0600
To: "Simon Gales" <simongales@home.com>, <bugtraq@securityfocus.com>
From: Brett Glass <brett@lariat.org>
Subject: Re: INCIDENT: WebCertificate.com hacked

At 06:57 AM 10/11/2001, Simon Gales wrote:

 
>I received the following email this morning (appropriately cleansed):
>
>[SNIP]
>
>I've notified privacy@webcertificate.com and VISA, and am awaiting their
>response.

FYI:

The number that is claimed to be a "credit card" number in these
malicious e-mails is not one. It's the serial number of a
"Webcertificate." There is therefore no reason to notify your
credit card issuer. The vendor knows which numbers were
compromised and has invalidated them already, so there is no
risk of theft. Users will receive new certificate numbers and
will not lose credt from their accounts.

--Brett