Ouch! Security expert writes book about hackers, then his publisher is hacked

Graham CLULEY

October 25, 2014

Award-winning investigative reporter Brian Krebs has a book coming out next month called “Spam Nation”, exploring the underbelly of the cybercrime world.

It’s bound to be a brilliant book because, well... frankly, everything Krebs does is brilliant.

But if you’re one of the eager followers of Krebs’ blog who has pre-ordered his book, or other products, from his publisher Sourcebooks then you may want to keep a close eye on your credit card statements.

Because, in a twist of immense irony, Brian Krebs’s publisher has been hacked.

Ouch!

Details of the security breach arrived via a blog post from Brian Krebs, which linked to a disclosure made by the publishing firm to the California Attorney General’s office.

Sourcebooks recently learned that there was a breach of the shopping cart software that supports several of our websites
on April 16, 2014 – June 19, 2014 and unauthorized parties were able to gain access to customer credit card information.
The credit card information included card number, expiration date, cardholder name and card verification value (CVV2).
The billing account information included first name, last name, email address, phone number, and address. In some cases,
shipping information was included as first name, last name, phone number, and address. In some cases, account password
was obtained too. To our knowledge, the data accessed did not include any Track Data, PIN Number, Printed Card
Verification Data (CVD). We are currently in the process of having a third-party forensic audit done to determine the
extent of this breach.

Disappointingly, there is currently no mention of the security breach on Sourcebooks’ home page, or on its blog – two places where you would expect the firm to take the opportunity to inform and warn its customers.

An examination of Sourcebooks’s website suggests it is running the CS-Cart ecommerce software, although it is unclear whether it was running the same online store code at the time of the security breach.

No details of the precise nature of the vulnerability in the Sourcebooks shopping cart software have been released, but there will no doubt be questions asked as to whether the firm had kept its online store properly patched and configured to deflect attackers.

If your website relies upon third-party code and software then it is essential that you ensure it is doing the very best job possible of securing data – particularly if it might be responsible for protecting the personal information of your customers.

Of course, it’s important to underline that none of this is the fault of Brian Krebs – who has in past blog postings been encouraging his readers to pre-order his book from better known outlets such as Amazon and Barnes & Noble. I bet he’s grateful now he wasn’t actively pointing people in the direction of his publishers.

He, no doubt, is as disappointed with what has happened as the rest of us.
