Security Watch

Keeping Track of patches and hacks in the IT security world.

'Hacker Safe' Site Hacked, Data Stolen

hacker-safe website hacked, data stolen, a Web site that displays ScanAlert's Hacker Safe logo, has been hacked and sensitive customer information may have been stolen.

According to a letter from Genica, the company that runs, the problem was discovered on Dec. 5, 2007 and affected customers' Visa credit card information.

The letter, republished at The Consumerist, reads in part:

"[It] is possible that an unauthorized person may be in possession of your name, address, telephone number, email address, credit card number, expiration date, and card verification number. We are still investigating the details of this incident, but it appears that an unauthorized individual may have accessed this information by hacking our eCommerce website."

The company said it reported the breach to local law enforcement authorities, the U.S. Secret Service and other federal authorities, and Visa. Genica said it had also hired a nationally recognized outside security firm to determine how the incident occurred and to determine the extent of the data loss. is one of thousands of e-commerce sites that display the "Hacker Safe" logo from McAfee-owned ScanAlert to show that it is tested and proven resistant to hacker attacks.

ScanAlert tests and certifies Web sites on a daily basis to "help address concerns about hacker access to confidential data."

However, as this breach shows, there's no such thing as a hacker-safe Web site.

UPDATE: January 8, 2007: In the comments, a ScanAlert representative says:

"So far, no one knows exactly what happened, when it happened, or whether this breach occurred on the web site or somewhere else. There is no evidence that this web site was hacked while it was certified HACKER SAFE. In fact, all of the information that ScanAlert has gathered so far indicates that this breach did not happen while was certified HACKER SAFE."