Small-Time E-tailer Suffers Big-Time Security Breach

As the issue of Internet security drives toward a critical mass in 2000, yet another e-commerce site has been victimized by a hacker attack.

Tiny New York-based SalesGate.com reportedly informed its customers by memo that some 2,000 customer records, including credit card and other information, were stolen and posted on the Web. SalesGate.com makes a point of notifying its small business customers that it is a secure buying and selling environment.

“We regretfully inform you that SalesGate has suffered a security breach in our customer database,” the company said. “Among the data accessed illegally from our system and posted to the Internet are credit card numbers of some of our customers.”

Already Working with Feds

The firm added that it is working with federal authorities to investigate the online break-in. In an exclusive interview with the E-Commerce Times last month, FBI special agent Charles Neal, who heads the Los Angeles computer crime squad, said that while it is difficult to catch such criminals, it is certainly possible — especially if an individual or small group is responsible.

SalesGate said it has notified all the customers who were affected, and has canceled the cards directly with the credit card companies. Nevertheless, it sent an e-mail that warned customers to be on the lookout for unauthorized purchases charged to “SalesGate” or “Internet Management Services.”

Latest in a String of Attacks

Because the SalesGate attack cuts directly at the security of shopping on the Web, many analysts consider it far more serious than the highly-publicized denial-of-service (DoS) attacks that have been carried out against some of the Web’s most popular sites, including Yahoo!, online auctioneer eBay, Inc. and online broker E*Trade.

“Unlike attacks aimed at firms like CD Universe, these attacks aren’t from hackers after a financial windfall or malicious destruction — rather, they’re just after 15 minutes of fame,” market research firm Forrester Research said in a brief earlier this month.

“Although these attacks have captured the public’s attention, they will fade like all other attacks before them,” the brief added. The SalesGate attack, however, is similar to the hacker attack on CD Universe, in which 25,000 credit cards were stolen and then posted to the Web after the company refused to pay extortion money to prevent the posting.

A hacker named Maxus was named as being responsible for the attack, which is still being investigated by the Federal Bureau of Investigation and other agencies.