BreachExchange mailing list archives
Vendor of Stolen Bank Cards Hacked
From: security curmudgeon <jericho () attrition org>
Date: Sat, 13 Aug 2011 17:15:19 -0500 (CDT)
http://krebsonsecurity.com/2011/08/vendor-of-stolen-bank-cards-hacked/ Vendor of Stolen Bank Cards Hacked Friday, August 12th, 2011 I recently wrote about an online service that was selling access to stolen credit and debit card data. That post received a lot of attention, but criminal bazaars are a dime a dozen. The real news is that few of these fraud shops are secure enough to keep their stock of stolen data from being pilfered by thieves. A prime example is the shop mn0g0.su (.mnogo. is a transliteration of ....., which means .many. in Russian). This online store, launched in January 2011, lets customers shop for stolen card data by bank issuer, victim ZIP code, and card type. A source who enjoys ruining criminal projects said he stumbled upon mn0g0.su.s back-end database by accident; the site was backing up its cache of stolen card data to a third party server that was wide open and unencrypted. Included in the database are more than 81,000 sets of credit and debit card numbers, along with their associated expiration dates and card security code. Each listing also includes the owner.s name, address and phone number and/or email address. The Social Security number, mother.s maiden name and date of birth are available for some cardholders. The site does not accept credit card payments; shopper accounts are funded by deposits from .virtual currencies,. such as WebMoney and LibertyReserve. [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Vendor of Stolen Bank Cards Hacked security curmudgeon (Aug 17)