Blessed Bee Inc. Hacked
- MM and good evening all.
Just sending this as a heads up - it is being reported that
Blessed Bee Inc., the publisher of "Pan Gaia", "New Witch", "Sage
Woman" and "The Blessed Bee", was hacked on October 24, 2003.
On this date, a Pakistani hacker managed to circumvent the
security of their ISP and penetrated their customer database; the
hacker subsequently stole credit card information for customers that
had ordered online since December 1, 2002.
A message on the Pan Gaia website is indicative of a scramble to
implement new security measures:
"NOTICE TO OUR VALUABLE CUSTOMERS ~ Access to our online ordering
system is currently down due to ongoing upgrades to our security
systems. For fastest service, please call our toll-free number
888-724-3966 or 707-882-2052. If you reach the message machine, leave
your name, number and a time to reach you and we will call you back
promptly on our dime. You may also order via mail, send your order
to: Blessed Bee, Inc., P O Box 641, Point Arena, CA 95468. We
apologize for any inconvenience and thank you for your support."
Should anyone be affected by this theft, you may wish to
contact your credit card company and have either a new card issued
or your current card red flagged in order to protect yourself against
any potential fraud or identity theft.
As an Information Security Geek, let this serve as a lesson to
online shoppers and follow my sagely counsel <grin>:
a. Should you be unsure of what the company does with your
personal info, don't shop online - mail may take
longer, but it's better than being a victim of identity
b. if you do choose to shop online, be an informed internet
citizen - look for indications during the ordering phase
that allow you to opt out of the company saving your
information and choose to opt out;
c. don't be afraid to ask questions - you can probably contact
the company and inquire about how they store/protect
your personal info - they will usually accommodate your
information requests as they want your business and they
know that misgivings about a company can spread like
wildfire on the 'net; and
d. if you are a dot commie <grin> and have a business presence
online, never store your customers' information where it
can be accessed by an internet entity - keep your databases
separate and isolated from your enterprise server if at all
possible. And for those of you that may have doubts, using a
VPN to access or network the databases and enterprise server
is not a guarantee that you won't be compromised.
you are secure.
Anyhoo, thus concludes my information security rant for the
Ted Mac Daibhidh
Whitehats.ca Information Systems Security
Intrusion Detection Specialist