Last week the French "white hat" hacker site Kitetoa pointed out to DoubleClick (DCLK) (and to the press) that some of the company's servers were wide open to intrusion and had been for perhaps two years. Adding bite to its claims of vulnerability, Kitetoa displayed evidence that crackers could have obtained database passwords on DoubleClick's Abacus Online servers, home to gazillions of records of Americans' offline transactions.
DoubleClick's chief privacy officer told anybody who would listen last weekend that yes, the company had suffered a couple of minor break-ins in non-critical systems, but that everything was secure now.
In stories that ran on Monday, ZDNet more or less took DoubleClick at its word, while InternetNews and MSNBC displayed more skepticism.
The story has been building steam all week. Wednesday saw a story on NewsFactor and a pointed analysis on Slashdot. InternetNews followed up on Thursday, and the Wall Street Journal noted the story today, albeit briefly. Slashdot's Jamie McCarthy pointed out the real worry these stories raise: that DoubleClick's policy and posture toward security may be lax. "DoubleClick should have policies in place to prohibit posting backup data on public Web sites; it should enforce those policies; and when it was done anyway, it should have found the leak by internal audit," McCarthy wrote.
DoubleClick Hacked Since 1999
Hackers Claim DoubleClick Security Holes
DoubleClick Admits Servers Were Hacked
DoubleClick Security Sloppy
French Group Claims DoubleClick Hacked for Two Years
Continuing Security Concerns at DoubleClick
Hacks Come at Difficult Time for DoubleClick
DoubleClick Says Hackers Tried to Enter Its Systems
Wall Street Journal (paid subscription required)