Steps after SQL Injection detected

Posted by Zukas on Programmers See other posts from Programmers or by Zukas
Published on 2011-02-09T20:26:15Z Indexed on 2011/02/09 23:34 UTC
Read the original article Hit count: 222

Filed under:

I've come across SQL injection vulnerabilities on my companies ecommerce page. It was fairly poorly put together. I believe I have prevented future attempts however we are getting calls about fraudulent credit card charges on our site and others. This leads me to believe that someone was able to get a list of our credit card numbers. What doesn't make sense is that we don't store that information and we use Authorize.net for the transaction. If someone was able to get the CC#s, what should I do next? Inform ALL of our customers that someone broken into our system and stole their information? I have a feeling that will be bad for business.

© Programmers or respective owner

Related posts about security