Despite a salacious March 8 report by Wired that two lists containing personal information from more than 18 million former iBill clients escaped into the wild, both the Federal Bureau of Investigation and the beleaguered payment processor say there’s nothing to worry about.
The lists contain names, phone numbers, addresses, e-mail addresses, Internet IP addresses, and credit card types, and although they appear to be from online transactions, no one yet has been able to tie them to iBill. Seemingly, no one is trying.
“[We’re not looking into it] because the information is two to three years old. It’s too old for us to be able to investigate. No one keeps records for that long,” says Special Agent Judy Orihuela, a spokeswoman for the FBI’s Miami Division. “We gave [the list] to iBill, and they are the ones who have to look at it to determine whether it was valuable or not.”
Apparently, it is not.
“This leak, as far as we’re concerned, is total bullshit. There is no documentation,” says Gary Spaniak Jr., president of IBD, the parent company of iBill.
San Diego-based Secure Science Corporation, a technology firm specializing in protecting online assets, reportedly discovered the first list, which contains 17 million records, on a website set up by scammers. The list reportedly was discovered in February 2005.
The FBI learned of the list two weeks ago, according to Orihuela. iBill first saw it on Wednesday.
“Basically, it’s an Excel spreadsheet with names, addresses, and supposed IP addresses. Then it says the date and [type of credit card]. There’s no card information, no social security numbers, no nothing,” Spaniak says. “The only thing on the entire list [to link it to iBill] is in the upper left corner: One of the boxes has the word iBill in it.”
The list contains listings for Diner’s Club and Chinese credit cards, two forms of payment iBill never processed, according to Spaniak.
Before receiving a copy of the list from the FBI, iBill received an offer of help – for a fee – from Secure Science.
“In my mind we were blackmailed,” Spaniak says. “They said, ‘We found this information, and we can help [you] not have this information ever get out again. Hire us,’” Spaniak says. “My attitude is ‘No, we don’t have any data leaks. I don’t need to pay somebody.’”
Secure Science did not return a request for comment.
The second list, containing more than 1 million entries, reportedly was found on a spamming site last month by Clearwater, Florida-based anti-spyware firm Sunbelt Software.
Representatives from Sunbelt also failed to return a request for comment.
Admittedly, the current iBill can’t guarantee the lists didn’t originate from the company’s previous owners. In fact, there have been rumors that “iBill lists” were floating around the online adult world for years.
“What was always talked about, but never really proven, is how the sales guys at iBill were selling the iBill email lists out the back door,” says a rep for another billing company.
InterCept Payment Solutions sold iBill to Media Billing, a Penthouse company, in March 2004, while iBill was in serious financial debt and being sued by its own shareholders. In January 2005, IBD finalized the purchase of iBill and Media Billing from Penthouse.
The representative from another billing company says the rumored back-door sales were happening even before the InterCept era, when iBill was owned by its founders.
In the present, iBill claims to have no security issues.
“First of all, we have a brand-new, state-of-the-art Cisco firewall system,” Spaniak says. “We have data officers. There’s no way for this information to get out. Not one employee in the company has the ability to print a list like this.
“We went through a Visa inspection less than six months ago,” he adds. “We passed with flying colors.”
So what’s next? The FBI’s Orihuela says there is nothing for the FBI to investigate, so apparently lawsuits are all that remain to mark the passing of what iBill and the FBI consider a non-event. iBill plans to file suit against Secure Science, Sunbelt, and Wired, Spaniak says.
