Data For 26 Million Stolen Payment Cards Leaked In Hack of Fraud Bazaar (arstechnica.com) 7
An anonymous reader quotes a report from Ars Technica: A thriving online bazaar selling stolen payment card data has been hacked in a heist that leaked the records for more than 26 million cards, KrebsOnSecurity reported on Tuesday. The 26 million figure isn't significant only to the legitimate consumers and businesses who own the stolen cards or the financial institutions that issued them. Fortunately for the card owners, the database is now in the hands of affected financial institutions, who can invalidate and replace the cards.
The hacked market is called BriansClub, a site available at BriansClub[.]at that, for years, has imitated Krebs' site and likeness. The data taken in the hack shows that BriansClub acquired 1.7 million cards in 2015, 2.9 million in 2016, 4.9 million in 2017, 9.2 million in 2018, and 7.6 million in the first eight months of this year. Most of the pilfered data is composed of "dumps," the term card thieves use to describe data that's stored on the magnetic stripe of payment cards. The stolen dumps can be transferred to new cards that crooks use to buy electronics, gift cards, and other large-ticket items from big-box stores. An analysis based on how many of the cards had expiration dates in the future suggests that more than 14 million of the leaked records could still be valid. Based on the pricing tiers listed on BriansClub, the haul represents about $414 million worth of lost sales, security intelligence firm Flashpoint told Krebs. By tracking the cards that were once available for sale and later removed, Flashpoint estimated that BriansClub has sold data for about 9.1 million cards for about $126 million. Federal prosecutors often value each stolen credit card record at $500, a sum that represents the average cost incurred from each compromised holder. Based on that estimate, the 9.1 million cards translates to about $2.27 billion in losses.
The hacked market is called BriansClub, a site available at BriansClub[.]at that, for years, has imitated Krebs' site and likeness. The data taken in the hack shows that BriansClub acquired 1.7 million cards in 2015, 2.9 million in 2016, 4.9 million in 2017, 9.2 million in 2018, and 7.6 million in the first eight months of this year. Most of the pilfered data is composed of "dumps," the term card thieves use to describe data that's stored on the magnetic stripe of payment cards. The stolen dumps can be transferred to new cards that crooks use to buy electronics, gift cards, and other large-ticket items from big-box stores. An analysis based on how many of the cards had expiration dates in the future suggests that more than 14 million of the leaked records could still be valid. Based on the pricing tiers listed on BriansClub, the haul represents about $414 million worth of lost sales, security intelligence firm Flashpoint told Krebs. By tracking the cards that were once available for sale and later removed, Flashpoint estimated that BriansClub has sold data for about 9.1 million cards for about $126 million. Federal prosecutors often value each stolen credit card record at $500, a sum that represents the average cost incurred from each compromised holder. Based on that estimate, the 9.1 million cards translates to about $2.27 billion in losses.
Re: (Score:1)
They couldn't secure their servers either. Looks like just more assholes that should have hired me instead. How ironic.
Re: (Score:2)
Re: (Score:2)
Obligatory (Score:2)
<Nelson>"Ha ha!"</Nelson>
Re: (Score:2)
Re: (Score:2)
No excuse now, they can use facial recognition for validation. Ideally the merchant attempts to make a claim on your credit card. The credit card issuer calls you, details the claim of payment, and wants the password to clear it, with your smart phone and it's camera pointed at your face and speak the password provided on the screen and type your password and authorisation sent to the merchant to allow payment. It could be all automated and very hard to sneak past. When you get your sim, your face is record