Guys, OK, the GoldNow server logs show an interesting story. Apparantly, the hacker has used a little known security hole in the software we use (now fixed), and used that to gain access to our database. (Thank you for the education.)
I have determined from an examination of the server logs that pretty much the only thing this hacker did was gain access, change all the staff passwords, send out 2 sets (same wording, some bad language) of fake emails to customers and then log out. However, he did publish the new login and password, so we are now taking massive action to advise potentially affected customers. Fortunately, after we "complete" an order, we encrypt the credit card details of every customer. The only credit card details showing at any time in our system is the pending orders, and follow up orders. So, we will be advising all folks in those catergories about the potential problem, and obviously rejecting the orders. Debited orders will be paid, and also advised about the potential problem. GoldNow programmers have made serious changes to the system, enabling better security until the *next* hack attempt. Most hackers don't get through the gates, this was very unusual. However, the GoldNow system is now stronger as a result. Thank you for your patience, and most of all, your understanding. This was a serious break in. In spite of my perpetual optimism, I am not treating this lightly. To all of you who sent supporting emails/phone calls, I'll get back to you asap, just a tad busy at present! Graham Kelly CEO --------------------------------------------- GoldNow http://www.GoldNow.St Primary Customer Service +61 3 9776-4886 US Phone 1-866-999-1717 US Fax 1-213-559-8555 UK Phone +44 (0) 709 233-7612 UK Phone +44 (0) 709 201-4015 CEO Order your GoldNow debit card today, at https://www.goldnow.st/debit_card_buy.asp --- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
