Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

40 million credit cards hack'd

From: David Farber <dave () farber net>
Date: Tue, 21 Jun 2005 18:57:17 -0400


Begin forwarded message:

From: Gregory Hicks <ghicks () cadence com>
Date: June 21, 2005 6:48:41 PM EDT
To: dave () farber net
Cc: ghicks () cadence com
Subject: Re: 40 million credit cards hack'd
Reply-To: Gregory Hicks <ghicks () cadence com>


From the Firewall-Wizards list discussing "transitive trust"...

-----Original Message-----



Subject: [fw-wiz] Transitive Trust: 40 million credit cards hack'd

40M credit cards hacked
Breach at third party payment processor affects 22 million Visa cards
and 14 million MasterCards.
http://money.cnn.com/2005/06/17/news/master_card/index.htm?cnn=yes

This sounds like (yet another) classical example of "transitive trust
gone wrong." Visa/MasterCard trusted a 3rd party to hold their data
and - oops - the trust was misplaced.




From: "Paul Melson" <pmelson () gmail com>
Subject: RE: [fw-wiz] Transitive Trust: 40 million credit cards hack'd

And here we go...

http://www.thedenverchannel.com/money/4633901/detail.html

DENVER -- CardSystems Solutions Inc. is admitting it made a huge
mistake after some 40 million credit card accounts ended up in the
wrong hands. Some of those account numbers are already being sold on a
Russian Web site, and some consumers are already finding fraudulent
charges on their statements.

[...snip...]

Credit card data is being bought and sold on what is now a profitable
black market.

"We saw a lot of chatter in Russian chat rooms over the weekend talking
about this as a big win for the good guys, you know, the electrical
crime groups," said John Watters with iDefense.

Sellers of credit card data can make a bundle. Online fraud analysts
estimate a basic Mastercard number is worth more than $42. A premium
card, such as a platinum or gold card with a high limit, is almost
$70.

[...snip...]

Visa and Mastercard estimate that 40 million accounts could be
affected, but CardSystems Solutions said that less than 68,000 credit
cards are at "high-risk."

Everyone is advised to keep a close eye on their statements and to
notify their bank or credit card company as soon if they see anything
suspicious. Cardholders can dispute purchases that were not made by
them and will not be held liable for any purchases determined to have
been made fraudulently.

The compromised data included names, banks and account numbers, but not
addresses or Social Security numbers, so the information could be used
to steal money, but not identities.




-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: