IMPORTANT: NewsgroupDirect Security Breach

There has been a recent data breach at NewsgroupDirect. This is an ongoing investigation and things may change, but as of now we believe that someone unauthorized was able to gain access to our systems between May 1, 2014 and July 8, 2014 (tentative dates). We believe that only new accounts created during this time period are affected. If you paid with Worldpay then you are unaffected.

I am extremely sorry that this happened. Our mission at NewsgroupDirect is to provide the best customer service in the usenet industry, and we’ve let you down.

What You Need To Do

1. Check your credit card statement and look for any unauthorized charges. If you see anything out of the ordinary then please email us with your NewsgroupDirect username and the date that you registered for our service. This is an important part of the investigation. Remember, you are not liable for fraudulent charges on your credit card.
2. Contact your credit card company and have them revoke your existing card and issue a new one.
3. Login and change your password. We don’t have any reason to believe that passwords were compromised in any way, but it’s best to be safe.

What We Are Doing in Response

1. Most importantly, we want to make sure that our customers’ needs are met. If you need help with anything as a result of this data breach then please let me know.
2. Increased Security Measures. We believe that we have identified and fixed the vulnerability that allowed someone to gain access to our system. That’s the first step. Beyond that we will be working to strengthen all of the security measures that we have in place and implement new ones.
3. We will continue with our forensic investigation into this issue and will post a more detailed incident report here when the investigation is completed.

I deeply regret this incident and look forward to earning your trust again.

Jim Lastinger
CEO / NewsgroupDirect

p.s. My personal email is [email protected] Feel free to reach out to me there with any concerns or questions.

Update – July 15

Thanks to everyone for your patience and understanding about this issue.

We have now concluded our investigation. Here’s what we’ve determined:

  • The unauthorized access into our system originated on or near May 28, 2014.
  • The source of the intrusion was stolen credentials from the computer of a developer that was hired (and subsequently fired) over the past couple of months. It appears that there may have been malware and/or a keylogger on his computer that led to our information and information about his personal accounts being taken.
  • The attack was perpetrated by a code insertion into our signup process. This malicious code allowed card data to be harvested before it could be sent securely to our trusted 3rd party storage service.

Changes We’re Making

  • We already routinely cycle all of our system passwords. We’re going to increase the frequency of this cycling.
  • Over the next few days we will start using tokenization in our signup process to make sure that raw card data never reaches our servers in the first place.
  • We will also be implementing new security measures for new employees to insure that their computers are free of any malware before having access to our infrastructure.

Compensation

We realize this has been an inconvenience to our customers. We want to compensate the affected users as best we can. If you signed up for a new NewsgroupDirect account between May 25, 2014 and July 8, 2014, using a credit card, then you will receive the following, depending on which type of account you have.

  • If you have a block usenet account you will receive a free 500 GB block.
  • If you have a subscription then you will receive 2 free months.

Please allow up to 10 days for your account to be updated.

Thank You

We have received an overwhelming amount of support from our customers over the past week. I want to personally thank you for being supportive, understanding, and for continuing to be the best customers in the world.

Please feel free to reach our to us if you have any questions at all.

17 comments on “IMPORTANT: NewsgroupDirect Security Breach

  1. Dan

    Jim, thanks for being transparent and forthright.

    Question: can you explain more about the breach, i.e., was it an internal controls issue (e.g. rogue employee, weak root password), a spearphish attack on an employee, Heartbleed, etc.?

    Particularly if the vulnerability has been addressed, could you tell us (this is a curiosity, I’m a security researcher). If you choose to remain silent, I’ll respect that, but it wouldn’t be the most re-assuring (you know, the whole “security through obscurity”).

    Thanks!

  2. David

    When I saw your $60/year for unlimited account sale, I almost purchased the deal. I am so grateful that I did not jump on the sale. I went through the data security breach with SOE (had to get a new credit card), the one with Target (had to get a new credit card again), the heartbleed one (had to get a new credit card again). It would have sucked to have to get a new credit card for this one all over again.

  3. TTT

    My card was fraudulently used to buy $1000 KLM air ticket and more !

  4. The update to the post talks about how the attack happened. Let me know if you have any more questions, glad to help.

  5. I believe that the card data taken was sold to “carders”. They just randomly charge things to cards to see if the card is valid or not. Sorry for all of the inconvenience.

  6. Carl

    You sure only new accounts created and not transactions made during the period? I buy blocks as needed. Checked credit card and one unauthorized transaction was made in June so I shut down the credit card just to be safe.

  7. Dan

    Unfortunately, I did jump on your $60/year unlimited plan on June 26th.
    What a mistake that turned out to be.
    On July 8 my bank sent me an email inquiring about two questionable charges on my VISA card made that morning. One was for approximately $98.00 and the other for will over $5500. I called the bank and told them that these were unauthorized charges.
    I had to destroy that card and wait for a new one to be issued. Because of your security breach I had to contact all the places that use my credit card for monthly auto-payments. This includes my cell phone billing, TV cable billing, Utility company billing, my Internet provider billing, and my land line provider billing, as well as PayPal and other on-line stores that have my Credit card number on file for purchases. Contacting all these places is very time consuming and angered me with every phone call because this is something I should not have had to do!
    Anyway, thank you for your 2 free months of service for all this inconvenience.

  8. Jason

    I signed up May 27 and haven’t seen any unauthorized charges, but I cancelled the card just to be safe. While this an inconvenience, its not THAT big of a deal…you have to change your credit card info when the card expires.

  9. Guillaume

    Well I guess I was lucky as I only had $250 charged on my credit card. But I wasn’t lucky at all as this happened during my European vacation and it forced us to cut down on visits, museum, and restaurants as available funds went from $5000 to $500 in cash.
    I am not getting my 2 weeks back from my employer, I won’t have a shot at another European trip before at least 3 years.
    500 GB compensation is quite a joke for block users. You should just double whatever block amount we have at the very minimum.

    Not cool, not cool at all.
    G.

  10. John

    AMEX caught the fraud and I had a new card sent to me. Sucks but atleast I now know who was the site that got hacked. I kinda thought it was your company.

  11. Colt

    I feel like the inconvenience gripes are legitimate, but some of the “problem” are the bank’s procedures with the issues. My bank caught the fraudulent activity on the first note at a $1.75 pre-charge and the local manager called me, apologized, removed the 3 additional different small charges and had a new card for me to pick-up that afternoon.

    Breaches happen, it’s why these banks advertise so hard about their “protection”. If the issue had a significant inconvenience on you, change banks; because this probably won’t be the last time this happens in all places cards are used.

  12. someone

    Like Carl above I request a clarification relating to us customers who have made CC purchases from NGD previously but not since May 28. I ask because your post above still have this general recommendation to all readers (adressed as “you”): “Contact your credit card company and have them revoke your existing card and issue a new one.” I have had no unathorized transactions on my card and I’d rather not issue a new one since I’d have to update the card number at google, paypal, amazon and other places and I’d rather not do those manual tasks unnecessarily.

    I’ve been happy with the service from NGD for several years so I won’t jump ship immediately due to the breach, but I hope you keep working hard on giving clear information.

  13. Alex

    Thanks for the update. I updated my password, is there a reason why symbols are not allowed in passwords?

  14. Clyde Watkins

    I bought the 1 TB block at the end of the June I was hit with a 100.00 charge from a grill in Florida Capital One issued a new card and took care of the charge I just hope there is no more

  15. Adam

    I had charges also, for plane tickets which I find weird. Dealt with it straight away no issues(other than I noticed it before my bank did -.-‘). Just good to know where the info was taken from.

  16. Dave Thomas

    He didn’t give me any extra GB in my account

  17. John B

    Just purchased a block 4 days before this happened, cancelled my credit card to be safe. I am still waiting for the 500GB to be added to my account, when can I expect this to happen?