Recently, on 15th January 2010, SwoopBug reported that a hacker had breached their website's security. It is a serious issue, and other penny auction websites should learn a lesson from it. Below are the details of the security breach that we received from SwoopBug.
The incident happened on January 15th. I noticed it because a member had e-mailed support and asked why they were unable to bid with over 45 thousand bids left in their account. This raised a red flag, since I would have been aware had someone purchased that many bids over any period of time. I first went into the cPanel and checked the member's account and noticed that over 4 dozen members had a large quantity of both free and paid bids in their accounts. Unfortunately, that led us to suspend those members temporarily until we sorted things out.
We started to check several things on the back end and noticed a particular IP address had breached the back end and tried to both manipulate the members' accounts (by adding bids) and attempted access to the raw files and some other sensitive info. Most of the attempts to access the files were not fruitful, since we do have a pretty good handle on the security of the site, and thus the members' confidential info was secure.
We did a reverse lookup on whois and a traceroute, and located the individual's service provider and approximate location. We notified the service provider (Verizon Internet Services) and advised them of the individual's efforts. What the result is I do not know. We also blocked them from any further access; however, that does not mean they cannot find another way or methods to continue, either on our site or others (use of different service providers, computers, etc.).