I regret to advise that PrefInfo.com has recently been hacked. I believe that this hack has been operating for – probably, at least – two days.
The code for the hack has been removed from the index page, and I now seek to engage an expert to review security on the server – the site is hosted on RedHat Linux.
Please feel free to suggest experts.
James: What’s the risk to subscribers? Were userids and passwords collected? What about credit cards used for PrefLetter purchases?
Thanks for letting us know by the way.
No risk to PrefLetter subscribers. PrefInfo.com was hacked, but PrefLetter.com is unaffected.
Even at worst, risk to clients of Hymas Investment Management (however they may be clients) is minimal. There is a database of subscribers to PrefLetter on-line, but it’s just eMail addresses and transaction records. Transaction records have just the name and the last four digits of the card; full details have to be collected, of course, but are not recorded.
The only passwords used by HIMI clients are:
i) Temporary passwords to get access to videos & subscriber download on PrefLetter
ii) Make comments on PrefLetter
iii) Access HIMIPref™ (this is hosted on a different server)
I hope that’s reassuring. The hack, by the way, was only some JavaScript to play a video from China – an advertising hack, not a Trojan, spyware or other viral hack.