Wired News reported Tuesday afternoon that 17 million customers of the third-party processor have had their personal information released over the Internet.
Further, security experts said in the report, the data is being bought and sold in a black market made up of thieves.
In an interview with XBiz, Interactive Brand Development President Gary Spaniak denied the allegations and said the Wired story “makes no sense.”
IBD owns iBill and has additional investments, including a 34.7 percent equity in Penthouse Media Group Inc. and an interest in Interactive Television Networks Inc., formerly XTV.
“We don’t even have 17 million customers,” Spaniak said. “The FBI reached us two weeks ago, regarding this claim. I don't know where these companies [in the Wired story] got their information.”
Wired said the transactions documented in the database are dated between 1998 and 2003.
Spaniak, in a later interview, said iBill since its inception has less than 10 million unique customers.
The security experts said in the article that the stolen data includes names, phone numbers, addresses, email addresses and IP addresses.
They also said that other fields in the compromised databases appear to be logins and passwords, credit card types and purchase amounts, but credit card numbers are not included.
The iBill customer data were allegedly discovered separately by two security companies while conducting routine research into malware.
Secure Science Corp. found the first data file containing records on 17 million individuals on a private website set up by scammers, the report said. The site was part of a so-called "phishing" scheme.
Another company, Sunbelt Software, found an additional list of slightly more than 1 million individual entries labeled Ibill_1m.txt on a spamming website, the report said. That list also appeared to date from 2003.
Secure Science found its data in February 2005 and reported it to the FBI, the company said.
The FBI, Sunbelt and Secure Science did not return calls Tuesday night to XBiz.
