For those of you with webcertificates read this!!!!

[Racketear]

Recieved this via e-mail today from
<a href="mailto:zilterio@ecount.com">zilterio@ecount.com</a>


Dear XXX

Right now your account is under our full
control. And we can use your money for our
profit. Our advise to you - take all your
money off this server.

I hate to inform you that your account
has been hacked on webcertificate.com and
ecount.com. These sites have very weak
security protection system and the database
with credit cards and other personal information
is not protected at all. Your personal details:

XXX XXXx
(email:racketear)

lynnwood , WA , 98043 , US

Your credit card/account information:

XXXXXXXXXXXXXXXXX

3/11/03 2:13:45 AM

We offered them our help many times. But top
management of webcertificate.com and ecount.com
don't care about their customers - you. They
care only about their money.

zilterio

---

Let's give this a little perma-bump so others get the message. Do read the notice in the link, posted by others in this thread.

AnandTech Moderator

 

[G19]

http://www.ecount.com/notice_ecount.asp

 

[Racketear]

<< http://www.ecount.com/notice_ecount.asp >>



Regaurdless, that is my webcertificate number and e-mail someone else has. That e-mail also came from inside their system.

 

[Aar0n]

A pretty big screw up regardless of whether the person got CC's or not...

from the link:



<< Dear Valued Customer,

Per our previous messages, we?ve confirmed that a cyber criminal inappropriately accessed our systems in late August, and stole personal account information from our database, including your Name, Address, Email and Ecount number.

Working with the proper legal authorities, we now believe that within the next 24 hours, the criminal may attempt to SPAM you with false information.


He will claim to have your credit card number. He does not. It?s impossible, since we do not and never have stored credit card numbers.
He may claim that he can use your Ecount funds. This is absolutely not true. He has your old invalid Ecount number, which is blocked and cannot be used by anyone.
While the email will reveal personal information (name, address, email), you?re at no financial risk.
This criminal?s unscrupulous act is a last-ditch attempt to damage our business for fighting back against his extortionist demands. If he?s so brazen to continue to SPAM you in the future, please continue to show your resolve by deleting his emails.

Thanks for your overwhelmingly positive support. If you have any questions or concerns, please contact us at customerservice@ecount.com, or call us at 877-ECOUNT-5.

Sincerely,

Matthew J. Gillin
CEO
>>

 

[MrBond]

Did it come from their system, or did he forge the headers to make it look like it did. View the full headers (right click on the messege, go to properties, click on the details tab). If it went through more then one server, he forged the email headers.

 

[MisterE]

I have received a few email warnings from WebCertificate concerning this breach (EDIT: By warnings, I mean that WebCert informed me of this and not someone claiming to have my CC information). It is a shame that someone was able to raid their account database, but WebCertificate has done the best they can in limiting damage from this act. I make almost all of my online purchases using my WebCertificate, and will continue to do so in the future.

E.

 

[Rhobite]

I got a free webcertificate about 2 years ago, back when Internet companies used to give away free money. Never used it since then, and I never refilled it or received another one. This guy broke into their servers a few months ago, and got the customer database including acct #'s. Since the acct #'s are just pre-paid mastercard I think, he could have carded a lot of stuff and got caught. Instead he tried to blackmail Webcertificate by threatening to release the info. They didn't bite, and he did release the information. I don't think they caught him. He did send out the same spam this morning, so I don't know what's going on now.

So he has my home address, e-mail addr, and a webcertificate acct # with zero balance.. I'm not scared. I am going to steer clear of webcertificate in the future, though..

 

[Lucky]

webcertificate is just beating themselves into the grounds by not paying this guy off the 100K he wants. they've lost much more in potential customer revunue-including me-by letting this guy run amok and release these emails multiple times. sure, its bad policy to pay a blackmailer off, but when he can do this kinda stuff and the FBI/ecount are unable to catch him, just pay the fu**er off. JHC.

 

[Racketear]

Return-Path: <zilterio@ecount.com>
Received: from rack.cjb.net ([66.70.83.60])
by mail.cjb.net (8.11.6/8.11.6) with SMTP id fBUDOwf23332
for <click@rack.cjb.net >; Sun, 30 Dec 2001 06:24:58 -0700 (MST)
Message-Id: <200112301324.fBUDOwf23332@mail.cjb.net>
Content-type: text/plain
Date: Sun 30 Dec 01 08:26:45 -0500
Mime-Version: 1.0
Sender: "Mr. Zilterio" <zilterio@ecount.com>
Subject: Account troubles
To: click@rack.cjb.net
From: "Mr. Zilterio" <zilterio@ecount.com>
Content-Transfer-Encoding: 7-bit
X-Mailer: Microsoft Outlook Express 5.00.3018.1300

hrmm

 

[Madib]

Yep, faked...running the headers through SpamCop it shows that the email was coming from datapipe.com:

Parsing header:

Received: from rack.cjb.net ([66.70.83.60]) by mail.cjb.net (8.11.6/8.11.6) with SMTP id fBUDOwf23332 for <click@rack.cjb.net >; Sun, 30 Dec 2001 06:24:58 -0700 (MST)
Possible spammer: 66.70.83.60
[show] "nslookup 66.70.83.60" (getting name) no name
[show] "nslookup rack.cjb.net" (checking ip) ip = 216.194.70.4
[show] "dig mx rack.cjb.net" (digging for mail exchanger) 66.70.83.60 is not MX for rack.cjb.net
[show] "nslookup rack.cjb.net" (checking ip) rack.cjb.net not 66.70.83.60, discarded as fake.
[show] "dig -x 66.70.83.60 soa" (digging for start of authority) - hostmaster@hispeedhosting.com
ips don't match; rack.cjb.net discarded as fake
Taking name from IP...
[show] "nslookup 66.70.83.60" (getting name) no name
[show] "nslookup 60.83.70.66.inputs.orbz.org." (checking ip) not found
Received line accepted


Tracking message source:66.70.83.60:
[show] "nslookup 66.70.83.60" (getting name) no name
Routing details for 66.70.83.60
[refresh/show] Cached whois for 66.70.83.60:hostmaster@datapipe.com
hostmaster@datapipe.com: abuse.net datapipe.com = abuse@datapipe.com
abuse.net datapipe.com = abuse@datapipe.com
Using best abuse.net reporting addresses:abuse@datapipe.com
Whois found:abuse@datapipe.com


Finding IP block owner:
Routing details for 66.70.83.60
[refresh/show] Cached whois for 66.70.83.60:hostmaster@datapipe.com
hostmaster@datapipe.com: abuse.net datapipe.com = abuse@datapipe.com
abuse.net datapipe.com = abuse@datapipe.com
Using best abuse.net reporting addresses:abuse@datapipe.com
Identical to reporting source:abuse@datapipe.com

Re:66.70.83.60 (Administrator of network where email originates)
To: abuse@datapipe.com (Notes)

 

[Justincase]

Oh damn...that $0.99 that's been in my account is in serious jeopardy...oh no wait...Webcertificate took it last month as a dormancy fee :Q

Hmmm...do people actually leave real money in these insecure online accounts?

 

[noxxic]

Yup, this is an old threat... They stole the WC account information, WC reset everyones account, and this guy is just re-using that old information. I actually had some money in WC from reward programs and didn't loose a cent. WC has been good for me... It got me through to almost 2 years at NetFlix now.

 

[CentralScrutinizer]

Actually, I got an email from that guy today and he sent me my current webcertificate acount info -- the new one that webcert gave me last time this guy jacked them up.

So, the webcert warning is not acurate -- they say the hacker has old information, but he is able to retrieve new account information.

In any event, I don't have any money in the account. But that hacker does have my name and address, which sucks.

I am mildly entertained by this. Webcert obviously had a serious flaw in their system, and this hacker did what a few others have tried -- tell them of the security hole and offer to "fix it" for a price, or threaten to misuse the info. It is pure, illegal extortion, but webcert should have hired the guy and/or paid the money to make their site secure. They have blasted their credibility, and the fact that this guy got new information a second time is outrageous!

After all, their number one business priority should be security, and they blew it.

 

[XFreebie]

i'm glad i dont have a webcertificate stuff.... now about that flooz....

 

[noxxic]

Whoa... The current info?! I haven't gotten that email yet so I didn't know... That's pretty dumb if they haven't fixed the hole yet... Oh well, good thing I just spent most of my $$.

 

[n4v1]

He sent me my summer address/info (June-August)

 

[Luden]

nm..

 

[vegetation]

<< webcertificate is just beating themselves into the grounds by not paying this guy off the 100K he wants. they've lost much more in potential customer revunue-including me-by letting this guy run amok and release these emails multiple times. sure, its bad policy to pay a blackmailer off, but when he can do this kinda stuff and the FBI/ecount are unable to catch him, just pay the fu**er off. JHC. >>



To add insult to injury, webcertificates is now going to a collection agency for those who have negative balances. Apparently, those with negative balances will receive a threatening letter not from some hacker, but from webcertificates themselves, demanding any negative balance to be paid up, whether it be just a few pennies or whatsoever. Talk about a sh*tty company that hates customers.

 

[wiredspider]

Luckster,

What if WC did pay the guy? He still has the info, WC would have nothing to gain, the guy could still release all this info to other people after he has been paid. If it were you wouldn't you just jack them up for the cash they would give?

 

[XFreebie]

cant they catch him when they pay him?

 

[TBC]

He sent me an email claiming he had my credit card number also, and gave me the last 4 digits. However I have no credit card with the numbers he gave.

 

[dentalboy]

have 8 bucks left from a schwab promotion better use it before it get taken away!!

 

[netalie]

I need to spend whatever is left in my account. Thank you for the info everyone.

 

[emaij]

Webcertificates are a bunch of thieves anyway. Try leaving any money in your account for a while. Their fees drained me of almost my entire account. Their response was "tough luck sucker".

I would never put a penny in an account with them.

 

[Doomguy]

They let me overcharge my account by $1.81 and they said i'd have to pay it or they'd have their collections department take care of it. I told them there was no way they could make me pay, their TOS said nothing about it, and IT'S NOT CREDIT.