BreachExchange mailing list archives

Hackers hit New York tour firm, access 110,000 bank cards


From: security curmudgeon <jericho () attrition org>
Date: Tue, 21 Dec 2010 01:24:15 -0600 (CST)



---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.computerworld.com/s/article/9201822/Hackers_hit_New_York_tour_firm_access_110_00_bank_cards

By Robert McMillan
IDG News Service
December 20, 2010

Hackers have broken into the website of the New York tour company 
CitySights NY and stolen about 110,000 bank card numbers.

They broke in using a SQL Injection attack on the company's Web server, 
CitySights NY said in a Dec. 9 breach notification letter published by New 
Hampshire's attorney general. The company learned of the problem in late 
October, when "a web programmer discovered [an] unauthorized script that 
appears to have been uploaded to the company's web server, which is 
believed to have compromised the security of the database on that server," 
the letter said.

CitySights NY believes that the SQL injection compromise occurred about a 
month earlier, on Sept. 26. In a SQL injection attack, hackers find ways 
to sneak real database commands into the server using the Web. They do 
this by adding specially crafted text into Web-based forms or search boxes 
that are used to query the back-end database.

This was one of the techniques used by Albert Gonzalez, who in March 
received the longest-ever U.S. federal sentence related to hacking the 
systems of Heartland Payment Systems, TJX and other companies.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
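
The article's description of SQL injection through a search box, as an added example that is not part of the original post or article. It contrasts a search query built by string concatenation with the same query using a bound parameter. The table, column and function names and the sample rows are hypothetical and constructed for illustration, and an in-memory SQLite database stands in for the back-end database.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tours (name TEXT, published INTEGER)")
    db.executemany("INSERT INTO tours VALUES (?, ?)", [
        ("Downtown Loop", 1),
        ("Night Tour", 1),
        ("Driver's Choice", 1),
        ("Internal Test Route", 0),  # not meant to be visible to visitors
    ])
    return db

def search_concatenated(db, term):
    # Weak form: the search-box text becomes part of the SQL statement itself.
    sql = ("SELECT name FROM tours WHERE published = 1 "
           "AND name LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, term):
    # Hardened form: the statement is fixed and the text is bound as a value.
    sql = "SELECT name FROM tours WHERE published = 1 AND name LIKE ?"
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]

def compare(term):
    # Run one search term through both forms against a fresh database.
    db = make_db()
    try:
        weak = search_concatenated(db, term)
    except sqlite3.Error as exc:
        # A stray quote breaks the statement; errors like this in server
        # logs are a sign that input is reaching the SQL parser.
        weak = "SQL error: " + type(exc).__name__
    return weak, search_parameterized(db, term)

if __name__ == "__main__":
    # An ordinary term, a legitimate apostrophe, and text containing SQL syntax.
    for term in ["Night", "Driver's", "x' OR '1' LIKE '1"]:
        weak, safe = compare(term)
        print(repr(term))
        print("  concatenated: ", weak)
        print("  parameterized:", safe)
```

With the bound parameter, the third term is only a string that matches no tour name; in the concatenated form it rewrites the WHERE clause and the unpublished row is returned.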
