Ripped from The Register: Now we know why CCBill was so terrified of taking verbal questions from a live reporter, and insisted instead on receiving faxed questions to which it could reply with canned responses.
As far back as March the company had warning that they were running an insecure CGI with their entire merchant database, including FTP/SSH logins and passwords, exposed to easy exploitation.
Anti-CC fraud outfit CardCops notified the company in a memo dated 13 March 2001 that one of their sources in the carding community had heard of the glitch.
CCBill silently removed the weak CGI, crossed their fingers, and hoped for the best. The company did not warn its clients that their servers could now be rooted effortlessly and their customers" credit details downloaded for posterity, to be traded in IRC.