This story was written by Keith Dawson for the Industry Standard's Media Grok email newsletter. It is archived here for informational purposes only because The Standard's site is no more. This material is Copyright 1999-2001 by Standard Media.

DoubleClick, Double-Lock the Doors

Mar 30 2001 12:00 AM PST

A French site finds openings in the company's servers, but DoubleClick says everything is OK now.

Last week the French "white hat" hacker site Kitetoa pointed out to DoubleClick (DCLK) (and to the press) that some of the company's servers were wide open to intrusion and had been for perhaps two years. Adding bite to its claims of vulnerability, Kitetoa displayed evidence that crackers could have obtained database passwords on DoubleClick's Abacus Online servers, home to gazillions of records of Americans' offline transactions.

DoubleClick's chief privacy officer told anybody who would listen last weekend that yes, the company had suffered a couple of minor break-ins in non-critical systems, but that everything was secure now.

In stories that ran on Monday, ZDNet more or less took DoubleClick at its word, and InternetNews and MSNBC displayed more skepticism.

The story has been building steam all week. Wednesday saw a story on NewsFactor and a pointed analysis on Slashdot. InternetNews followed up on Thursday, and the Wall Street Journal noted the story today, albeit briefly. Slashdot's Jamie McCarthy pointed out the real worry these stories raise: that DoubleClick's policy and posture toward security may be lax. "DoubleClick should have policies in place to prohibit posting backup data on public Web sites; it should enforce those policies; and when it was done anyway, it should have found the leak with by internal audit," McCarthy wrote.

DoubleClick Hacked Since 1999

Hackers Claim DoubleClick Security Holes

DoubleClick Admits Servers Were Hacked

DoubleClick Security Sloppy

French Group Claims DoubleClick Hacked for Two Years

Continuing Security Concerns at DoubleClick

Hacks Come at Difficult Time for DoubleClick

DoubleClick Says Hackers Tried to Enter Its Systems
Wall Street Journal
(Paid subscription required.)