Internet Hacker may have stolen credit card numbers

SAN CARLOS, Calif. (AP) - A computer hacker electronically broke into RealNames, a company that sells Web-site operators keywords to help Internet users find long online addresses, and may have stolen passwords and credit-card numbers.

The company reported the attack Thursday to the FBI, customers and credit card companies. The sabotage capped a week of high-profile hacking incidents, but is believed to be unrelated to the others, which include attacks designed to overload Web sites for Yahoo!, CNN and eBay.

RealNames officials aren't sure if the hacker actually obtained the credit card numbers, but computer logs indicate that someone tried several times, chief executive officer Keith Teare said Friday.

About one-third of RealNames' 50,000 corporate customers - which include Women.com and eBay - pay with a credit card, the company said.

The credit card numbers of people who shop on sites that use RealNames' technology were not in jeopardy.

The FBI continued to investigate as three California universities confirmed that their computers or equipment had been linked to the other recent hacking attacks.

University of California at Santa Barbara, UCLA and Stanford officials all said it was unlikely the hackers were based on campus. Hackers often use university or large business computer systems for attacks because it's easier to hide in a large volume of computer traffic.

Special Agent Charles Neal, head of the FBI's computer crime squad in Los Angeles, said the attack on CNN.com that was linked to UCSB left behind traceable log files.

''Those might point back to (the culprit). We hope to find that,'' Neal told the San Francisco Chronicle. ''It's among the better clues we have to identify him (and) where he was going.''

RealNames' disclosure comes just weeks after CDUniverse, a popular online music retailer, said hackers stole up to 350,000 credit card numbers from its computers.

Last month, Pacific Bell asked users to change their passwords after hackers stole 60,000 of its passwords and broke into more than two dozen other Internet service providers, businesses and schools.

Teare said RealNames didn't scramble the credit card numbers on its own computers because they were thought to be safely secured behind an electronic shield called a firewall.

Teare said the company has installed a second firewall and encoded the numbers. It also asked ISS, an Internet security firm in Atlanta, to help fend off future attacks.