Network Solutions hit by major card data breach

Security experts are calling the hack - which took place between March 12 and June 8 this year - of significant magnitude.

The internet service firm says it discovered the breach of its databases in early June, and has concluded that the details of as many as half of its customer base may have been compromised.

The Washington Post quotes Susan Wade, a Network Solutions spokesperson, as saying that the hackers left behind malicious code, which allowed them to intercept personal and financial information for people who made purchases at the stores hosted on those servers.

Wade has said her company is working with federal law enforcement and a commercial data breach forensics team to determine the cause and source of the break-in.

According to Steve Moyle, chief technology officer of database security provider Secerno, what many experts are likely to be asking is how this breach could have happened and gone on for such an extended period after the lessons of Heartland.

"The reality is that many enterprises are behind in security protection efforts, such as anti-virus updates, due to shrinking IT budgets," he said.

"In a recent webinar offered by Forrester and Secerno, Forrester revealed that 60 per cent of enterprises are behind in implementing security patches, which is consistent with what we are seeing in the field," he added.

According to Moyle, company IT departments simply do not have the resources to complete these updates in a timely fashion, resulting in network vulnerabilities that are easily exploited.

Moyle said that what happened at Network Solutions can be considered a primer to the modus operandi of the latest generation of hackers.

"Malware was planted on locations with access to credit card and other financial data, with the data grabbed and sent to a location off the Network Solutions network. From what we have witnessed at Secerno, we estimate that much of this data was used for immediate fraudulent transactions," he explained.

"The coming weeks will reveal more detail, including the identity and locations of the more than half a million people affected. We hope that all organizations that work with personal financial data consider the implications that this breach has for their businesses, and we commend Network Solutions for being proactive in helping retailers inform those affected," he said.

Newswire reports suggest that, given the extended nature of the breach, the data may have changed hands many times by now.

Infosecurity notes that, even if elements of the breached files were marketed for a smalls sum for each account on so-called carder forums, the revenue stream for the hackers would have been well into six figures in dollar terms.

Network Solutions has announced it is offering 12 months of credit monitoring for those accounts that may have been breached.

What’s Hot on Infosecurity Magazine?