Details of more than 570,000 credit card holders may have
been stolen from users of over 4,000 US-based websites hosted by
Network Solutions, the company has warned.
The web hosting firm said it found malicious code on servers
supporting some of its e-commerce clients' websites.
Cybercriminals used a similar method to steal millions of credit
card transition details from
Heartland Payment Systems in 2008.
"The code may have captured transaction data from approximately
573,928 cardholders," Network Solutions said in a
statement.
Forensic investigations revealed that the data breaches took
place between 12 March and 8 June 2009.
"At this point we have no reports or other reasons to believe
any credit card information has been misused," the company
said.
The breach affects only US merchants, but demonstrates that all
e-commerce firms must check the security of third-party service
providers thoroughly.
Network Solutions has moved quickly to avert a public relations
disaster by helping affected merchants notify their customers.
The web hosting firm has also used social networking tools to
alert merchants and their customers and set up a
website to keep
merchants informed and updated.
A posting on the site emphasised that the data breach affected
only Network Solutions' e-commerce customers.
"Customers of Network Solutions that have other products, such
as domains, e-mail accounts, hosting and online marketing, were not
impacted by this event," it said.
Network Solutions said it used the
Radian6 tool to spread
information and advice through
Twitter Search,
Google Alerts and
Backtype.