Interesting People mailing list archives
40 million credit cards hack'd
From: David Farber <dave () farber net>
Date: Tue, 21 Jun 2005 18:57:17 -0400
Begin forwarded message: From: Gregory Hicks <ghicks () cadence com> Date: June 21, 2005 6:48:41 PM EDT To: dave () farber net Cc: ghicks () cadence com Subject: Re: 40 million credit cards hack'd Reply-To: Gregory Hicks <ghicks () cadence com> From the Firewall-Wizards list discussing "transitive trust"... -----Original Message-----
Subject: [fw-wiz] Transitive Trust: 40 million credit cards hack'd 40M credit cards hacked Breach at third party payment processor affects 22 million Visa cards and 14 million MasterCards. http://money.cnn.com/2005/06/17/news/master_card/index.htm?cnn=yes This sounds like (yet another) classical example of "transitive trust gone wrong." Visa/MasterCard trusted a 3rd party to hold their data and - oops - the trust was misplaced.
From: "Paul Melson" <pmelson () gmail com> Subject: RE: [fw-wiz] Transitive Trust: 40 million credit cards hack'd And here we go... http://www.thedenverchannel.com/money/4633901/detail.html DENVER -- CardSystems Solutions Inc. is admitting it made a huge mistake after some 40 million credit card accounts ended up in the wrong hands. Some of those account numbers are already being sold on a Russian Web site, and some consumers are already finding fraudulent charges on their statements. [...snip...] Credit card data is being bought and sold on what is now a profitable black market. "We saw a lot of chatter in Russian chat rooms over the weekend talking about this as a big win for the good guys, you know, the electrical crime groups," said John Watters with iDefense. Sellers of credit card data can make a bundle. Online fraud analysts estimate a basic Mastercard number is worth more than $42. A premium card, such as a platinum or gold card with a high limit, is almost $70. [...snip...] Visa and Mastercard estimate that 40 million accounts could be affected, but CardSystems Solutions said that less than 68,000 credit cards are at "high-risk." Everyone is advised to keep a close eye on their statements and to notify their bank or credit card company as soon if they see anything suspicious. Cardholders can dispute purchases that were not made by them and will not be held liable for any purchases determined to have been made fraudulently. The compromised data included names, banks and account numbers, but not addresses or Social Security numbers, so the information could be used to steal money, but not identities. ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- 40 million credit cards hack'd David Farber (Jun 21)