BreachExchange mailing list archives
Credit card data of up to 15, 000 website shoppers stolen
From: Destry Winant <destry () riskbasedsecurity com>
Date: Thu, 9 May 2019 21:55:24 -0500
https://mainichi.jp/english/articles/20190509/p2g/00m/0na/058000c TOKYO (Kyodo) -- At least seven online shopping sites have been hit by a scam, resulting in the possible breach of some 15,000 customers' credit card data between last October and April, according to companies operating the websites. In the scam, personal information is stolen after customers type in data necessary to make payment on fake settlement screens that they believe are genuine, and that resemble the real ones. Among those compromised are an e-book site operated by Tokyo-based DLmarket Inc., which said in December the credit card information of up to 7,741 customers had been leaked. It later stopped selling items, and in June the entire site will be closed. "The system needs to be rebuilt thoroughly," the company said. Iori Co., a towel store in Matsuyama, Ehime Prefecture, reported in October a data breach affecting up to 2,145 customers. Some of the stolen details, including credit card numbers, names of card holders, expiration dates and security codes, were confirmed to have been used for illegal purchases, the companies said. Most of the compromised shopping sites were created using open-source software called EC-Cube. An official of the software developer said hackers who attacked the websites' servers "targeted the defects caused by improper setting of the websites, not the software itself." In the scam, a fake screen appears when a customer finishes choosing goods, and displays an error message after credit card information is entered. If the customer returns to the previous screen, the genuine transaction site completes the order, and goods are delivered to the customer. Even if customers notice something wrong at this stage, credit card information has already been sent to hackers, IT security experts said. "There seems to be a computer program which automatically finds defective websites. Online shopping operators need to strictly check whether there are any problems in their sites," said Tsuyoshi Tsurushima, an IT consultant well versed in online shopping security. Credit card information is prone to cyberattacks intended to steal money, with data obtained from one card available at several thousand yen on the anonymous "dark web," which facilitates untraceable online activities. According to the Japan Consumer Credit Association, losses from stolen credit card numbers in the country totaled 18.7 billion yen ($170 million) in 2018, the highest since the industry group started compiling data in 2014. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Credit card data of up to 15, 000 website shoppers stolen Destry Winant (May 10)