A 60-year-old hacker was arrested and indicted for breaking into Maserati North America’s Website to steal customer information and for using it as leverage to bilk the company of thousands of dollars.
Bruce Mengler of Solana Beach, Calif., was arraigned yesterday in federal court after his indictment for computer intrusion and extortion, according to a published report. Mengler was arrested last Friday and is accused of hacking into Maserati North America’s Website in early March and stealing customer information that was stored there as part of a special promotion.
Maserati had sent fliers to potential customers, offering them free gift certificates to Omaha Steaks in exchange for test-driving Maseratis. To redeem the certificates, the customers would enter a personal identification number printed on the flier, and then had to update their contact information on the Website. Mengler reportedly hacked into that customer data and then threatened Maserati in several email messages from his Gmail account that he would expose the breach unless the company paid him money. He even provided the names, addresses, and ID numbers of four victims to prove he had the goods.
The company lost over $5,000, according to the indictment, and Mengler will appear in court again on Oct. 31.
“If a hacker was able to gain access to customer information via the promotional website then there is a clear warning here to all companies that they need to properly secure their public websites,” blogged Graham Cluley, senior technology consultant for Sophos today. “It’s all very well asking for potential customers to enter their names and addresses in exchange for free steaks, but you’ll be dealing with higher stakes (groan…) if your website is not properly defended.”
-------------------------------
SQL Injection perhaps?
No comments:
Post a Comment