pl.net netnews: Bibliofin 02/05/2001

Bibliofind Lost Starting October
Posted 3rd May 2002001

2000 Bibliofind, one of largest online seller of books, was the subject of a crack-attack. The result has been the end of online sales and probable selling off to a `competitor', Amazon, of Bibliofind and a blow to the perception of online commerce. Conspiracy theories abound, however one thing is true, Bibiofind sent out the following email to all 70,000 Bibliofind dealers and another email quoted below was sent to all customers who bought books via Bibliofind between October 2000 & February 2001 - that is probably millions of people. Very probably very few of Bibiofind's ex-clients will feel like buying books over the Net again in a hurry (if ever). Is there some gold in this mess? I think so. If online commercial operators were to treat credit card data as a one-off sale and purchase and never save credit card information in any form after completion of each transaction, it might cost a bit more, but it might also save the a business from such fatal attacks as witnessed here. More, the security of commerce online would be greatly enhanced. Dear Bibliofind Dealer: Bibliofind has just learned of a security violation that compromised the security of buyers' credit card information stored on Bibliofind servers, and which has existed on our site since last October.

Today, we sent all affected Bibliofind customers an email notifying them of this situation. We have no information at this time that leads us to believe that our customers' credit information has been misused, but we have alerted them as a precautionary measure. In addition, we have no evidence suggesting that Bibliofind dealer credit card information has been jeopardized in any way, as this information is maintained in a separate database. We have been in contact with the federal law enforcement authorities and the appropriate credit card companies on this matter. In turn, the credit card companies are notifying the card issuers and banks so that they can take whatever steps may be necessary to protect the interests of affected cardholders. In order to ensure this doesn't happen again, we have removed all buyer credit card information, physical addresses, and phone numbers from Bibliofind's servers. We expect to bring the Bibliofind system back into operation shortly. Bibliofind will continue to serve as a "matching" site between buyers and independent booksellers.

Customers will now email you directly when they would like to purchase an item that you have listed on Bibliofind. At that point, you can then communicate directly with the buyer to complete the transaction. Additionally, Bibliofind will now be a free service for dealers. We apologize for any inconvenience this may cause you and appreciate the business you do through Bibliofind. If you have any questions, please email us at dealers@bibliofind.com. Sincerely, Bibliofind Dear Bibliofind Customer: As you may know, Bibliofind has learned of a security violation on its site that compromised the security of some customers' credit card information. Although we have no information at this time to suggest that any credit card you used to make a purchase from a Bibliofind dealer has been misused in any way, we wanted to notify all our customers as a precautionary measure. If you have specific questions about your credit card account, please contact the issuer of your credit card. To ensure this doesn't happen again, we have removed all customer credit card information, physical addresses, and phone numbers from Bibliofind's servers. We apologize for any inconvenience this may cause you. You can contact us with questions at info@bibliofind.com. Sincerely, Bibliofind