The incident spotlights the potential perils of e-commerce. Because the Internet erases geographic divisions that previously separated scam artists from potential prey, swindles are constantly popping up that enable people to take advantage of businesses and consumers in distant nations. But don't cut up your credit cards just yet. E-commerce may be growing faster than security technologies but then again, a spate of scams accompanied the proliferation of credit cards in the '60s, and retailers quickly adjusted. Cybercash, the software maker that manufactures the security system used by CD Universe, says it detected a flaw in the system over a year ago and promptly released a software patch to plug the leak. It's not known whether the card numbers were lifted before the patch was created, or whether CD Universe ever used it and that's assuming it's the same flaw Maxim exploited. But the next time an e-commerce site receives a threatening e-mail from an Eastern European server, it just might want to notify the authorities.
Who says cyber-pirates can't be trusted? Last month, web retailer CD Universe received the following faxed threat from someone claiming to have hacked 300,000 customer credit card numbers from the site: "Pay me $100,000 and I'll fix your bugs and forget about your SHOP FOREVER... or I'll sell your cards and tell about this incident in the news." When CD Universe ignored the fax, the hacker made good on his word. On Christmas Day 25,000 credit cards were posted on a site called Maxus Credit Card Pipeline. Then, last week someone claiming he's a 19-year-old man named Maxim who lives in Russia e-mailed a reporter, boasting that he was the culprit and offering 198 credit card numbers as proof. The reporter followed up, and found that the numbers were legit and had been taken from people who'd used CD Universe.