Security: March 2006 Archives

Porn billing processor iBill leaked 17 million of its customers' records to hackers, to be sold on the black market.

This is just one of many security breaches in the last two years involving people's private data on the web. I don't believe that this type of fraud is unique to the web, as there have been investigations of gangs that get members hired at banks to steal money from customers and, more importantly, to get personal information on customers so they can steal identities.

What makes this theft interesting:
1. The scope. 17 million customer records is huge.
2. The nature of the theft. In this case, no credit card numbers, social security numbers, or other such identifying data were found, just addresses, emails, and the like.

Those two features speak to it being an inside job.

I have been advocating for a while the practice of encrypting data in customer databases so that it would be much harder for someone to pull off this type of job. If you leave everything in cleartext and have lax security rules (which a lot of computer companies do have), this is going to keep happening. If, however, you encrypt everyone's data by default as it comes in, someone can't just peek in the database and extract people's information.
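As an added illustration of the practice argued for above (not code from the original post): the application encrypts each customer field before it is stored, so a raw copy of the table holds only ciphertext, and only the path that has the key can read it back. Assumed: Go's standard-library AES-GCM, a key held by the application or a key service rather than the database, and constructed record IDs and field names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// StoredRow is what the table actually holds: PII only as ciphertext.
// The key lives in the application or a key service, never in the database.
type StoredRow struct {
	ID                string
	EmailEnc, AddrEnc []byte
}

// NewAEAD turns a 32-byte key into an AES-256-GCM cipher.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one field under a fresh random nonce (prepended to the output) and
// binds the record ID as associated data, so a blob cannot be moved to another row.
func Seal(aead cipher.AEAD, id, field string) []byte {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no entropy: refuse to encrypt rather than risk a repeated nonce
	}
	return aead.Seal(nonce, nonce, []byte(field), []byte(id))
}

// Open reverses Seal; it fails if the blob, the key or the record ID does not match.
func Open(aead cipher.AEAD, id string, blob []byte) (string, error) {
	if n := aead.NonceSize(); len(blob) >= n {
		pt, err := aead.Open(nil, blob[:n], blob[n:], []byte(id))
		return string(pt), err
	}
	return "", errors.New("ciphertext too short")
}

// Insert encrypts PII at ingest, before the row is written;
// reading it back goes through Open and therefore needs the key.
func Insert(aead cipher.AEAD, id, email, addr string) StoredRow {
	return StoredRow{id, Seal(aead, id, email), Seal(aead, id, addr)}
}
```

This protects against someone who can read the database but not the application's key; an insider who holds both still gets the data, so access to the key has to be separately restricted and logged.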

This does make development more expensive, and it would slow down some activities on the web, or even over the phone as we deal with customer service reps, but I'm willing to eat both costs. Think what would happen if someone inside Amazon got disgruntled, pulled down their entire customer database and sold it on the black market! How expensive would that get for everyone?

For the record, I believe that Amazon probably has very strict security rules for their customer data and is probably encrypting quite a bit of data to begin with.

About this Archive

This page is an archive of entries in the Security category from March 2006.