Crackers have broken into the web site of a UK mobile phone accessory supplier and published the names, addresses and other personal information, including credit card details, of its customers on the web. A web page was created on the site of Ecstatic Ltd, which sold radiation shields for mobile phones and went out of business at the beginning of June, listing the credit card details of a number of customers and employees of the company. A message criticizing the lack of security on the site was appended to the list.
NetDirect Ltd, the ISP that hosts the Ecstatic site, denied responsibility for the lack of security, saying in a statement: We cannot be held responsible for the actions of disgruntled employees of Ecstatic who had access to passwords. When the firm went bust, all its employees were laid off. Although the intrusion first came to the attention of NetDirect on Saturday, the page containing the card details was still up on Monday afternoon, until ComputerWire alerted the firm. The page was easily accessible from hyperlinks posted to usenet newsgroups.
The situation came to light after a newsgroup posting from self-publicist cracker David Habanec, who last week published the personal details of subscribers to ISP CurrantBun.com using a bug in the login routine, in order to increase his notoriety. Habanec denies he was involved in the Ecstatic crack.
