Vendor of Stolen Bank Cards Hacked

[security curmudgeon <jericho () attrition org>]

http://krebsonsecurity.com/2011/08/vendor-of-stolen-bank-cards-hacked/

Vendor of Stolen Bank Cards Hacked
Friday, August 12th, 2011

I recently wrote about an online service that was selling access to stolen 
credit and debit card data. That post received a lot of attention, but 
criminal bazaars are a dime a dozen. The real news is that few of these 
fraud shops are secure enough to keep their stock of stolen data from 
being pilfered by thieves.

A prime example is the shop mn0g0.su (.mnogo. is a transliteration of 
....., which means .many. in Russian). This online store, launched in 
January 2011, lets customers shop for stolen card data by bank issuer, 
victim ZIP code, and card type. A source who enjoys ruining criminal 
projects said he stumbled upon mn0g0.su.s back-end database by accident; 
the site was backing up its cache of stolen card data to a third party 
server that was wide open and unencrypted.

Included in the database are more than 81,000 sets of credit and debit 
card numbers, along with their associated expiration dates and card 
security code. Each listing also includes the owner.s name, address and 
phone number and/or email address. The Social Security number, mother.s 
maiden name and date of birth are available for some cardholders. The site 
does not accept credit card payments; shopper accounts are funded by 
deposits from .virtual currencies,. such as WebMoney and LibertyReserve.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/