CNET también está disponible en español.

Ir a español

Don't show this again

Internet

RealNames' customer database hacked

The company, which substitutes complicated Web addresses with simple keywords, is warning its users that its customer database has been hacked, and that user credit card numbers and passwords may have been accessed.

RealNames, a company that substitutes complicated Web addresses with simple keywords, is warning its users that its customer database has been hacked, and that user credit card numbers and passwords may have been accessed.

The company informed its customers of the security breach in an email written and sent by RealNames chief executive Keith Teare early this morning.

"Within the last 24 hours we have identified a situation that may have resulted in our customer information database being compromised, including customer credit card information," the email read.

The attacks occurred late Wednesday afternoon, Teare told CNET News.com.

A user can register and pay for keywords on RealNames' Web site via credit card by filling out a form that includes personal information, such as his or her name, address and email address. RealNames then stores that information in a database, just like an e-commerce company or domain name registrar would with a customer making an online purchase or registration.

The perpetrator was able to access customer records, credit card numbers and passwords. But Teare said there was no evidence that any credit card numbers have been used. The company contacted the FBI and participating credit card companies when the hack was discovered.

"We've added further security over the last 48 hours," Teare said.

RealNames is enlisting Atlanta-based security firm ISS to conduct an audit, Teare said.

The attacks on RealNames were not similar to the distributed denial of service (DDoS) attacks inflicted upon major Web sites such as Yahoo, eBay and Amazon.com earlier this week. Shutdown special report Those attacks merely shut down the sites for roughly a three- to five-hour period. The attack on RealNames was more "malicious" with an intent on accessing private information, a customer service representative said.

In contrast to the DDoS attacks, the attack on RealNames was aimed at breaking into the company's database and redirecting a number of its Internet keyword URLs to a government site in the People's Republic of China, Teare said.

Because hackers commonly fake an Internet address of origin, Teare could not conclude whether the hacker originated in China.

RealNames, based in San Carlos, Calif., has developed a system based on Internet keywords that allows users to type familiar words or phrases to simplify Internet navigation.

The concept is designed as an add-on to search engines and directories and to move from point to point on the Internet, the company said.