TheNerds.net was trying to evaluate how many of its 100,000 customers were affected by the break-in, President David Kriegstein said. Scores of customers reported getting e-mail directly from the alleged hacker, and the company began directly notifying all customers that their credit card information, home address and phone numbers may have been stolen.
"From the looks of it, it wasn't hard to get every last bit of my identity necessary to facilitate fraud," said customer Maxwell Shantar, who got an e-mail from the intruder and in turn, sent an angry e-mail to TheNerds accusing them of not doing enough to protect customer information.
Kriegstein said his company has discovered how the intruder got into the site Tuesday afternoon and has taken steps to prevent it from happening again. He would not elaborate on the nature of the vulnerability, or how long the intruder was in the system.
Initially, executives of TheNerds e-mailed customers to say that there was no evidence the hacker had gained access to customer information. But the intruder, calling himself "Zilterio," proved that he had indeed grabbed vital information by e-mailing customers. The e-mails, reviewed by CNET News.com, listed the customer's personal information, such as credit card numbers, phone numbers and addresses.
"Zilterio" is the name used by a hacker who hasa host of e-commerce sites and is believed to operate somewhere overseas. Last summer, he broke into online gift certificate company Ecount and made off with home and e-mail addresses of customers but was prevented from taking credit card numbers.
Between 100 and 200 customers contacted TheNerds about receiving the e-mails, according to Kriegstein.
"We don't believe he got ahold of the entire database," he added. "If he did, we'd have had been overwhelmed with phone calls."
One of the greatest threats to online merchants is hackers whoon Web sites with the intent of stealing credit card numbers. The thieves profit by selling the credit cards on the black market or by ordering products online and then fencing them. Because the hackers often cover their tracks by launching attacks on online stores from multiple servers, catching these kinds of criminals has proven a challenge for investigators.
Fraud cost e-tailers $700 million in lost merchandise last year, according to Avivah Litan, a financial analyst for research firm Gartner. Some large Internet retailers have software that screens transactions and refuses to sell to customers who appear suspicious. Litan estimates that this costs Web stores between 5 percent and 8 percent of sales.