Risks Of Internet Commerce Shown Security Breach At Starwave Web Sites Was Inside Job, Company Says

More than 2,300 customers of two of the World Wide Web’s most popular sites got a jolt this week when they received anonymous e-mail saying their credit card numbers had been plucked off ESPN Sportszone and NBA.com.

To drive home that the notice was no joke, the messages, which were signed by “an anonymous organization seeking to make the Internet a safe place for the consumer to do business,” included the last eight digits of each recipient’s credit card number.

The messages, which appear to be more of a wake up call than a threat, went on to say “You are the victim of a careless abuse of privacy and security. This is one of the worst implementations of security we’ve seen.”

None of the credit card numbers had been used, said Patrick Naughton, president and chief technology officer of Starwave Corp., which operates both sites. Only customers who purchased goods through the sites’ online stores were affected, he said.

Starwave blamed 1-800-PRO-TEAM, a Palm City, Florida company which it hires to process its online orders.

Rather than being a case of high level computer hacking, this is actually a case of someone at PRO TEAM using a company password to view orders after they were sent online, said Naughton.

Starwave sent electronic and postal mail warnings to 2,397 customers saying “We have no reason to believe that the perpetrator intends to commit fraud with your credit card. But as a precautionary measure you should contact your credit card company.”

Starwave has closed the online stores while it revamps its security system, including changing passwords and requiring that employees of 1-800-PRO TEAM telephone Starwave for a new password each time they want to access customers’ personal information, Naughton said.