Richard Baker and Nick McKenzie report:
Computer hackers have penetrated the database of Australia’s biggest internet domain name auction house, possibly accessing client home addresses and encrypted credit card numbers.
Netfleet yesterday told clients of the security breach and said it had reported the incident to the Australian Federal Police and CERT Australia – the National Computer Emergency Response Team in the Attorney-General’s Department.
Read more on Sydney Morning Herald. Michael Lee of ZDNet reports that the site is back up and that:
Hackers gained access to the database by exploiting a vulnerability found in its third-party billing and support software, WHMCS, that the company uses.
Netfleet CEO Mark Lye told ZDNet Australia that the hackers were able to upload files by exploiting WHMCS’s support ticket system. By about 2am AEDST the company was able to report that the security hole had been found and had been permanently fixed.