Network Solutions suffers crippling data breach

Over 4,000 merchant web sites may have been compromised

Over half a million credit card holders may have had their account details captured by hackers, after web hosting firm Network Solutions revealed that more than 4,000 of the e-commerce sites it hosts could have been breached.

The firm admitted in a statement that it had "identified unauthorised code on servers supporting some of our e-commerce merchants' web sites".

"After conducting an analysis with the assistance of outside experts, we determined that the unauthorised code may have been used to transfer data on certain transactions for approximately 4,343 of our more than 10,000 merchant web sites to servers outside the company," the statement continued.

"The code may have captured transaction data from approximately 573,928 cardholders for certain periods this spring."

Network Solutions said that it is co-operating with law enforcement agencies, and urged any affected merchants to visit a newly created web site which provides further information.

The breach affects only US merchants, but will be a timely reminder to all e-commerce vendors to perform adequate security checks and due diligence if their sites are hosted by a third party.

Sophos senior technology consultant Graham Cluley said in a blog post that the incident has "the potential to be a public relations disaster " for Network Solutions.

"Network Solutions, however, is smart enough to know that it needs to work quickly in situations like this to make the best of a bad situation," he added.

"For instance, it makes some play out of the fact that it has engaged with social media sites and bloggers to spread information and advice about the crisis, and how affected individuals and businesses should respond."

Steve Moyle, chief technology officer at database security firm Secerno, suggested that the breach could be down to poor patch management.

"IT departments simply do not have the resources to complete these updates in a timely fashion, resulting in network vulnerabilities that are easily exploited," he said.

"What happened at Network Solutions can be considered a primer to the modus operandi of this generation of hackers: malware was planted on locations with access to credit card and other financial data, and the data was grabbed and sent to a location off the Network Solutions network.

"From what we have witnessed at Secerno, we estimate that much of this data was used for immediate fraudulent transactions."

Amichai Shulman, chief technology officer of data security vendor Imperva, argued that the incident could end up being as significant as the massive Heartland Security breach at the beginning of last year.

"The basic problem is that the rise of cloud computing - with many more companies now hosting their data on the internet – makes such databases and the servers they are hosted on, phenomenally attractive," he added.

"The attackers here aimed on the big prize – the servers. Instead of dealing with a site here and there, once they broke into the hosting servers and all the sites were open to them. The lesson is that once you've penetrated the cloud, you've got an easy path to the important, underlying data.”