As Amazon's stock zoomed yesterday, news emerged of a serious security breach at one of its subsidiaries. Bibliofind.com, based in Massachusetts, revealed that a week ago it discovered that its system had been visited by intruders "monthly" since last October. The company announced that personal data on 98,000 of its customers, including credit-card numbers and addresses, had been compromised.
Amazon bought Bibliofind's parent company, Exchange.com, in 1999. Bibliofind lists more than 20 million rare books and ephemera for sale by independent booksellers.
News outlets gave the break-in story scant coverage yesterday and today. InternetNews was among the first to post on Monday, and its sister operation InternetNewsRadio led yesterday's newscast with a story on the security breach. Most of the press accounts leaned hard on a statement by an Amazon.com spokesman that no customer data at the parent company had been put at risk.
CNN reported that when Bibliofind reopened for business on Monday, it was operating strictly as a matching service for buyers and sellers of rare books, not as a broker of monetary transactions.
Many outlets quoted Bibliofind spokesman Jim Courtovich's account of the fiasco, but none raised an eyebrow at what he had to say. The company discovered the four-month-old, ongoing compromise of its customers' data only when hackers defaced the front page of Bibliofind.com on Feb. 26. What does a hacker have to do to get noticed around here, jump up and down screaming? Courtovich claimed that the company had no reports of any misuse of customers' data, but no reporter asked him why someone who noticed unauthorized charges on his credit card would think to tell Bibliofind about it.
Putting the break-in in perspective, James Mackintosh reported for London's Financial Times that online credit-card fraud had grown much less than expected in 2000. He quoted a study done by a payments clearinghouse that implicated organized crime in the bulk of credit-card scams.
Bibliofind.com Finds Out It Has Been Hacked
Hackers Tap Credit Card Info at Bibliofind
Hack at Amazon-Owned Service Exposes Thousands
Amazon.com Unit Bibliofind Says Credit-Card Data Were Compromised
Wall Street Journal
(Paid subscription required.)
Online Fraud Grows More Slowly Than Feared