The unidentified hacker, possibly living in eastern Europe or Russia, calls himself Maxium or Maxus. He claims to have 300,000 credit card numbers and put some of them online in a failed blackmail attempt.
The target wasCD Universe, an online music company. People who ordered online went through a security system, having no idea their credit card and personal information was vulnerable to being stolen.
When the hacker demanded $100,000 from the company, officials refused, and Maxium put some of the numbers online.
Among the 200 card numbers made public online was one owned by Capitol Broadcasting's John Conway.
"It was a little unnerving to get a call from a reporter in Washington who was giving me my credit card number, address, and expiration date," Conway said.
The Internet carried the news.
Touting security,online holiday shoppingraked in $12 billion last year. However, using a credit card is a risk.
"If we go into a gas station and hand it to the guy, where do the carbons go?" said Rowland Archer, CEO of Hart Software. "You go into a restaurant and give it to the waiter, he walks off with it. I've lost control of that number."
Conway says it is possible that the incident was not an act of hacking.
"It's possible that somehow he had access to information from inside one of these companies or a credit card processing company."
E-commerce sites continue to improve security using ever more sophisticated software.
"As that trend continues, then we'll find the whole experience becoming much, much safer, and you'll read fewer of the reports like we saw today," Archer said.
Credit card usersare responsible for only $50 of an invalid charge.
CD Universe notified its customers about the problem, and an investigation involving the FBI is under way.
Copyright 2022 by Capitol Broadcasting Company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.