RealNames is Latest Hack Victim

The latest breach of Internet security hit Internet keyword search
company RealNames Inc. this week, but
this time credit card information may have been compromised.

RealNames Chief Executive Officer Keith Teare said the company noticed earlier this week that someone was redirecting the company’s keywords to a Web site in China. To do so, the cracker had to have gone through the customer database, where customer credit card information was located.

RealNames’ front-end system was running Windows NT V4 when the hack occurred. Teare claimed the box was up to date with all patches (SP5) but the attacker was still able to use it to penetrate the firm’s
firewall and access the company’s customer record database.

“There’s no evidence that any credit card information was taken, but the best thing for us to do was assume the worst,” said Teare.

He said that more than 50,000 customers’ credit card information was exposed. The company has notified its customers and credit card companies of the breach, as well as enlisted the help of the FBI to track down the culprits.

To prevent further security breaches, RealNames called in Internet Security Systems, Inc. (ISSX) to conduct a full security audit. The company also added a second firewall.

Teare said the company is alerting the public of its situation to raise awareness, hoping to prevent further security breaches to other companies.

The attack on RealNames is the latest in a string of hacks on popular Web
sites in the past week. Sites such as Yahoo! (YHOO), Amazon (AMZN) and E*Trade (EGRP)
were hacked with denial of service attacks, meant to overload a site’s servers and render them inaccessible.