• United States



by Dave Gradijan

Online Payment Co. Leaks Info on 17 million

Mar 09, 20062 mins
CSO and CISOData and Information Security

More than 17 million customers of iBill, an online payment service associated with pornography sites, had personal information posted on the Internet, Wired News reports.

The posted information includes names, phone numbers, addresses, e-mail addresses and Web IP addresses, according to Wired News.

Social Security, driver’s license and credit card numbers were not leaked, so the company was not required by law to report the incident to its customers, Wired News reports.

The iBill data was discovered in two different locations on the Web, by two separate security companies researching malicious software, according to Wired News.

Secure Science first found the data on 17 million people on a phishing site in February 2005, Wired News reports, and it immediately alerted the FBI.

The data Secure Science found pertained to transactions that took place between 1998 and 2003, according to Wired News.

IBill did not respond to Wired News’ repeated inquiries.

Then, last February, Sunbelt Software located the second list of data on roughly 1 million people on a spam site, Wired News reports, and it was dated 2003.

Adam Thomas of Sunbelt Software told Wired News the leak looked to him like an inside job because the file in which the data was found was so large it would’ve been difficult to download undetected. He said an employee or other insider could’ve simply stolen the records from iBill with the intention of selling them on the black market, Wired News reports.

“The fact that a total of 17,781,462 iBill records have been found in the hands of criminal hackers is quite disturbing, be it an inside job or the successful work of hackers,” Thomas told Wired News.

For related CSO content, read When the Dike Breaks: Responding to the Inevitable Data Breach.

For related news coverage, read Ore. Health Data Breach Results in Loss of 4 Jobs and McAfee Employee Data Lost by Auditor.

Keep checking in at our CSO Security Feed page for updated news coverage.