Hacker Posts Credit Card Numbers Online

A hacker penetrated an Internet company’s database of credit card numbers and posted more than 55,000 of them online when his demands for money weren’t met.

The FBI is investigating the extortion attempt against Creditcards.com, which processes credit card transactions for online companies, FBI spokesman Matthew McLaughlin said Wednesday. No arrests had been made.

It is the latest of several attacks against companies with online operations in which hackers sought money after stealing credit card information.

The Web site with the credit card numbers, which went up when the extortion fee was not paid, has since been taken down, McLaughlin said.

It was not immediately clear whether any of the credit card numbers had been used. One of the company’s merchants, Ihateshopping.net in Tacoma, Wash., has created a page on the Web site where potential fraud victims can enter their name and address to find out if their credit card number was obtained by the hackers.

In an e-mail sent to its merchants Monday, Creditcards.com stated it was contacted by hackers about three months ago. The e-mail said the hackers appeared to be from Russia and that they threatened to post the credit card information unless the extortion fee was paid.

After being contacted, the company said it immediately adopted a policy that it would neither cooperate with hackers nor pay extortion money.

The e-mail from Michael Stankiewicz, the company’s chief technology officer, said Creditcards.com hired security consultants to improve its ability to protect data and has undergone a complete security audit.

The incident is the latest in a string of attacks against companies that deal with credit card information.

Last year, a hacker stole about 300,000 credit card numbers from online music retailer CD Universe and posted about 25,000 of them on the Internet when a demand for $100,000 was not met. The hacker remains at large.