
Alpha Software disclosure leads to confusion

A few days ago, Security Fix heard from a reader who received a breach notification so casual in tone that he asked me to verify whether it was for real.


Sure enough, Burlington, Mass.-based database application company Alpha Software Inc. recently told customers that a data breach had exposed their payment information. That fact was confirmed by similarly confused users posting to the company's online forum. The e-mail notice to affected customers reads:

November 9, 2009

Dear Customer,

We have been informed that there has been a security breach at the Internet Service Provider where our web site is hosted. This may have resulted in your credit card information being compromised. While it is entirely possible that your credit card information has not been stolen, in the interests of caution, we recommend that you contact your credit card provider to discuss what steps, if any, they recommend.

Going forward, we no longer store credit card information on our side. This will eliminate any risk associated with placing credit card orders on our site.

We thank you for your support and look forward to helping you build your businesses and organizations with Alpha Five Version 10.

Sincerely,

Alpha Software

Not only does the company immediately blame someone else for the breach; there is no apology or even a sense of remorse.

This is a bit like crashing into someone's car in a parking lot, and then leaving a note on the wrecked car's windshield saying "Gee, it looks like your car got messed up. That really stinks. You might want to have a mechanic look at it. Going forward, I'll try to pay more attention to those lines on the road. This will reduce the chances of your car and mine being in the exact same place at the same time."

I reached out to Alpha Software co-chair Richard Rabins by phone and e-mail, but for the past 10 days he has declined to respond to questions about the incident. Alpha Software did not identify the ISP or the source of the breach. I checked with Alpha's hosting provider, Web.com, to see whether they'd had a breach recently that might explain this. Roseann Duran, chief marketing officer at Web.com, said the company is unaware of any problems.

"There is no security breach at all in terms of how this account has been handled," from Web.com's end, Duran said.

She noted that Alpha has been a customer for a number of years, but that recently the company was unresponsive to several e-mail and snail mail notices stating that Web.com was getting ready to "migrate" or upgrade a number of Web servers, including at least one server holding some of Alpha Software's data (Duran couldn't say whether it was Alpha's payment data or not).

By Brian Krebs  |  November 20, 2009; 1:15 PM ET
Categories:  From the Bunker , Safety Tips  | Tags: alpha software breach  

Comments

Alpha Software has always been a sales-driven organization. But they seem to be tone deaf as to how badly this can affect sales. They didn't even give enough information so you could know that if you called up and gave them your credit card information over the phone, it would not be compromised.

Maybe they have outsourced all their technical people to Outer Mongolia for the low wages.

Posted by: eteonline | November 20, 2009 2:47 PM

The latest Google scam ---- NEVER IN DOLLARS

©2009 Google Anniversary Lottery


Dear Sir/Madam,
Congratulations to you!! You have just been picked as one of our lucky winners of £850,000 British Pounds. For more details,contact Mr. Grahams Benfield with the email addresses below by sending your full names, sex , location and Ticket Number:00869575733664.
Mr. Grahams Benfield,
E-mail(s):mrgrahamsbenfield1.office@gmail.com, grahamsbenfield@8u8.com.

This Lottery Promotion is totally free of charge!!
Wishing you good luck!!
Mr. Helnon Richard
Promo Coordinator.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Posted by: brucerealtor@gmail.com | November 21, 2009 12:34 AM

"419" Scam – sender domain 8u8.com:


Posted by: brucerealtor@gmail.com | November 21, 2009 1:18 AM

"your full names, sex , location"

Yeah, like they would believe my Full Name (proper noun), gender (sex is none of their business), and address (unless they are going to air drop the cash to my latitude and longitude).

Gannon J. Dick

Posted by: gannon_dick | November 21, 2009 8:35 AM

This comes from a reader who had trouble signing in and leaving a comment:
---

My comment is what should they have done different? I looked at several examples of 'recommended' formats for breach announcements and they were all similar to what Alpha sent; dispassionate, an obvious _lack_ of detail like the affected cc number(s), no apology, no detail at all, just the warning and acknowledgment of the breach. Even AmEx examples matched this.

The other comment is you label the open discussion on the Alpha forum as 'confusion'. It's not, we talk through EVERYTHING with passion. The bulk of the comments there were in favor of their announcement.

And just to be sure, I don't mean to defend Alpha; I think it ultimately is their responsibility. ISPs are normally not at fault; it is the web application and the other security measures in place, or not, that allow or disallow a breach. The fault lies with Alpha alone.

Posted by: Brian Krebs | November 21, 2009 1:27 PM

OUR NEXT GOOGLE SCAM OF THE DAY

Dear Internet user, E-mail Account termination Alert

Team
to customer

Security Precaution

Your email address needs verification for user safety. There is an on going email congestion due to anonymous registration of our service so we are shutting down some email accounts and your account will automatically to be deleted. Still interested in using our services,please filling the space below for verification purpose by clicking the reply button.

User name: ...........................

Password: ............................

Date Of Birth ........................

Country: ................................

Your account will not be interrupted after following the instructions and your service will continue as normal.
Thanks for your attention

Notice: Account owner that refuses to verify his/her email account after one week of receiving this notice will lose his or her account permanently. We apologize for any inconveniences.


The Gmail Team

Posted by: brucerealtor@gmail.com | November 21, 2009 8:02 PM

Headings like «The latest Google scam» and «OUR NEXT GOOGLE SCAM OF THE DAY» would seem to be designed to lead readers to infer that Google lies behind these scams, rather than that the firm's services are being abused. If «brucerealtor» possesses evidence to the effect that the former explanation is more likely than the latter, I suggest he present it here on this thread. If not, perhaps he would be advised to exercise a bit more care in formulating headings....

Henri

Posted by: mhenriday | November 23, 2009 4:09 PM

mhenriday IS CORRECT AND I APOLOGIZE

Posted by: brucerealtor@gmail.com | November 23, 2009 10:59 PM

© 2010 The Washington Post Company