- deleted all street addresses
-turned off the ability to request payment until Feb 15th
-turned off the ability to close accounts until Feb 15th
-Is urging all members and advertisers to change their passwords
QUOTE
On January 28, 2003, ReadThemWell.com was the victim of a hacker
attack.
On that day several responsible Internet users notified us that a
person
was offering for sale a secret password that would open any account at
RTW. ?His offer was posted on several bulletin boards and he even had
the
nerve to contact us directly.
As we mentioned above, we were in email contact with the hacker. ?
Through
our contact with this person we asked him to prove that he truly could
do
what he claimed. ?He soon replied with my personal password to the
master
account. ?As soon as we received this proof we closed the site and
considered all the vital areas that this person could affect. ?We
decided
that these were the most important areas:
- Street Addresses
- Payment Requests
- Account Closings
Street Addresses
The very first thing we did was immediately delete ALL street address
information from our database. ?We consider your street address to be
the
most personal information of yours that we collect, so it was the first
to
go.
The next time you login to your account you?ll notice that any area
that
used to display your address now shows ?[Not Shown for Security
Reasons].?
That message is simply meant to be a ?place holder? until our pages can
be
redesigned. ?Soon, even those messages will be removed from the site.
I would like to stress one last time that ALL of your street address
information has been COMPLETELY DELETED from our database.
Payment Requests
Another concern we identified was the ability for the hacker to find an
account that had a payment balance. ?At that point he could put in a
payment request for someone else?s money and have it sent straight to
his
personal online accounts.
In response to this threat we have ?turned off? the ability to request
payments until February 15, 2003. ?In addition, any payment requests
that
were still outstanding at the time of the attack will be returned to
your
accounts. ?This will ensure that any attempt made by the hacker to send
a
payment to his personal account will be foiled. ?Anyone who had an
outstanding payment request will have to request the payment once again
on
or after February 15, 2003.
Account Closings
Another thing this hacker could have done is randomly close Member
accounts. ?In response to this threat we have ?turned off? the ability
for
Members to delete their own account until February 15, 2003. ?NO
ACCOUNTS
WILL BE DELETED EITHER BY THE MEMBER OR THROUGH EMAIL REQUEST UNTIL
THAT
DATE.
CHANGE YOUR PASSWORD
AT THIS TIME WE ARE STONGLY URGING EVERY MEMBER TO LOGIN TO YOUR
ACCOUNT
AND CHANGE YOUR PASSWORD. ?OUR SITE IS NOW SECURE FROM THIS HACKER AND
HE
WILL NOT BE ABLE TO GET YOUR NEW PASSWORD. ?PLEASE USE THE LINK BELOW
TO
CHANGE YOUR PASSWORD NOW!
http://www.readthemwell.com/members_area/e...edit/info_1.asp
Suspended Functions
The Close Your Account and Request Payment functions will remain
suspended
until we feel that each Member has had sufficient time to change their
password. ?We believe that waiting until February 15, 2003 will be
enough
time.
attack.
On that day several responsible Internet users notified us that a
person
was offering for sale a secret password that would open any account at
RTW. ?His offer was posted on several bulletin boards and he even had
the
nerve to contact us directly.
As we mentioned above, we were in email contact with the hacker. ?
Through
our contact with this person we asked him to prove that he truly could
do
what he claimed. ?He soon replied with my personal password to the
master
account. ?As soon as we received this proof we closed the site and
considered all the vital areas that this person could affect. ?We
decided
that these were the most important areas:
- Street Addresses
- Payment Requests
- Account Closings
Street Addresses
The very first thing we did was immediately delete ALL street address
information from our database. ?We consider your street address to be
the
most personal information of yours that we collect, so it was the first
to
go.
The next time you login to your account you?ll notice that any area
that
used to display your address now shows ?[Not Shown for Security
Reasons].?
That message is simply meant to be a ?place holder? until our pages can
be
redesigned. ?Soon, even those messages will be removed from the site.
I would like to stress one last time that ALL of your street address
information has been COMPLETELY DELETED from our database.
Payment Requests
Another concern we identified was the ability for the hacker to find an
account that had a payment balance. ?At that point he could put in a
payment request for someone else?s money and have it sent straight to
his
personal online accounts.
In response to this threat we have ?turned off? the ability to request
payments until February 15, 2003. ?In addition, any payment requests
that
were still outstanding at the time of the attack will be returned to
your
accounts. ?This will ensure that any attempt made by the hacker to send
a
payment to his personal account will be foiled. ?Anyone who had an
outstanding payment request will have to request the payment once again
on
or after February 15, 2003.
Account Closings
Another thing this hacker could have done is randomly close Member
accounts. ?In response to this threat we have ?turned off? the ability
for
Members to delete their own account until February 15, 2003. ?NO
ACCOUNTS
WILL BE DELETED EITHER BY THE MEMBER OR THROUGH EMAIL REQUEST UNTIL
THAT
DATE.
CHANGE YOUR PASSWORD
AT THIS TIME WE ARE STONGLY URGING EVERY MEMBER TO LOGIN TO YOUR
ACCOUNT
AND CHANGE YOUR PASSWORD. ?OUR SITE IS NOW SECURE FROM THIS HACKER AND
HE
WILL NOT BE ABLE TO GET YOUR NEW PASSWORD. ?PLEASE USE THE LINK BELOW
TO
CHANGE YOUR PASSWORD NOW!
http://www.readthemwell.com/members_area/e...edit/info_1.asp
Suspended Functions
The Close Your Account and Request Payment functions will remain
suspended
until we feel that each Member has had sufficient time to change their
password. ?We believe that waiting until February 15, 2003 will be
enough
time.
I hope they get that guy/gal...