You've Been Hacked! Now What?
Your day began by learning that one or more hackers had compromised your site's servers, gaining access to customer account information and possibly credit card details. The trust customers place in you, essential for your survival, is at stake. Luckily, you have prepared for such an eventuality by putting in place a disaster plan that can quickly lock out the hackers, assess the full extent of the intrusion, restore any missing data, and ensure your customers know exactly what happened, what your response is and what impact this has on them. You don't have such a plan in place? Then take notes from a firm that recently found itself in this position.
Earlier this week I received an email from Campaign Monitor, which provides a range of services for those creating and managing email campaigns. This sounds a bit banal, but their focus is on designers who manage such campaigns for their clients (looking for a new revenue stream?). That, plus the excellent tips related to HTML email newsletter creation, has kept me on their list, after having used their browser testing service for the Graphics.com newsletter at one point.
The email began in a forthright manner that was to be hallmark of how Campaign Monitor chose to manage a serious intrusion on their servers, which led to compromised client mailing list data that the hackers then used for spamming purposes:
"This is unfortunate news to have to give you, but unfortunately Campaign Monitor has been attacked by one or more hackers, and some accounts have been compromised. This has been a deliberate, planned and complex intrusion and we are still in the process of handling the hacks and the impact.
For accounts we know were accessed, we have sent a separate email.
For the full details please see our blog post here.
We are working extremely hard to fully resolve this issue and I want to apologize for what is a critical failure in our service to you and your clients.
Again, please see the blog for details and updates as we know more. The blog is also the best place for questions so we can answer them more effectively for everyone."
So they began by contacting all their customers, not just those who they knew were affected, and then pointed everyone to a
blog/FAQ. To retain customer confidence, they announced that they had put together a team of "external security experts, database experts and hosting providers" and further managed customer reactions via their Twitter-based support team. And then followed up with another blog post. Rather than burying the issue, these posts are featured on the home page of the site.
The upshot? Despite the potentially significant impact of this on customers and their clients, respose was initially almost completely supportive, with high praise for their "transparence." This has warn thinner, with recent comments taking them to take for a perceived lack of attention to security issues. But on the whole, Campaign Monitor seems to be avoiding what could have been a catastrophic meltdown, with every indication of emerging from this ordeal in a stronger position than before.
Would you be able to say the same, if the hackers had come calling on your site?
Chris Dickman
Founding editor, Graphics.com
If you're going to run a server it is always a good idea to pick up a book on hacks and cracks to read. Learning how people break security systems is a great way to make something more secure.