
An Online Date Led to an Inquiry into 'Systemic' Failures at American Express


Last summer, John Smith* had just returned to Sydney after more than a decade abroad when he met someone online. He began chatting with a man named Tahn Daniel Lee on the dating app Grindr. Lee was undergoing treatment for COVID at the time, so they communicated online for a few weeks before meeting in Sydney's Surry Hills for their first date - a Japanese dinner followed by Messina ice cream. The date would be one of many in a relationship that progressed quickly before taking a dark turn when Smith began to suspect Lee was watching his bank accounts.

The Age and The Sydney Morning Herald can disclose that American Express, one of the world's largest financial companies, would not only dismiss Smith's initial complaint without proper investigation but would also provide misleading information during an external inquiry. It comes after two major ASX-listed companies, Optus and Medibank, revealed sensitive identification and health data to criminals, igniting a national debate about how to best deal with emerging cyber threats.

The "insider threat," according to cybersecurity experts, is a major risk, and the Privacy Commissioner's inability to penalize companies that violate the law has created a culture of impunity among corporate Australia.

“Because, what is the recourse? Businesses just aren’t doing the risk management that’s required. The tone starts from the top, ” says former Australian Federal Police investigator turned cyber expert Nigel Phair.

Smith's first impression of Lee was that he had a charming smile, and the relationship developed quickly. Lee worked as a relationship manager for American Express Centurion, an exclusive club for black-card holders who spend at least $500,000 per year.

Smith had a platinum American Express card from living in the United States, but Lee suggested he sign up in Australia so he could show him how to maximize the benefits. He consented and began using American Express as his primary banking card shortly thereafter. After a series of comments about items Smith had purchased, places he had been, or payments he had made, he became suspicious that Lee was watching his transactions.

“I asked him how he was able to do this without my consent or authority (one-time pin etc), and he replied, ‘because the system is completely open, I have god mode’,” Smith wrote in a complaint later filed with American Express.

Smith has autism, and while he is classified as "high functioning," he occasionally struggles to recognize inappropriate behavior. He noticed "warning signs" about Lee but ignored them while traveling to Hawaii and Hamilton Island with his new partner, he claims.

During one of these trips, Smith became uneasy with the manner in which Lee discussed his clients' affairs, including major food distributor Primo Foods, which he claimed siphoned millions of dollars to the Cayman Islands. Lee later texted, "FYI, everything I tell you about work is highly confidential." 

By April, he had attempted to end the relationship and had warned Lee that he would report his behavior to American Express. Lee reacted negatively to this. He begged Smith to continue the relationship and, at one point, called Smith's close friend out of the blue to persuade her not to file a complaint. This was the breaking point. He was hell-bent on reporting Lee.

Amex: ‘No inappropriate access’

At the same time, another American Express employee noticed unusual activity on Smith's account. Lee was subjected to an internal investigation, which swiftly cleared him of any wrongdoing. On May 26, the company wrote to Smith, claiming Lee was not in a position to access his account and, in any case, there was training and processes in place to protect customer data.

Unconvinced, Smith asked American Express to confirm that Lee's access to his account had been blocked and reported the Primo Foods discussions. Smith claims that the following week, during a phone call, he was told that if Lee had looked at his account, it was no big deal because they were partners, and discussing Centurion's clients was also no cause for concern.

Smith filed a complaint with the Privacy Commissioner, who directed it to the Australian Financial Complaints Authority. AFCA immediately requested a meeting with American Express to verify that Lee had lost the rights to Smith's account.

The company's response was quick, but it turned out to be incorrect.  “We confirm that the employee has no access to [Smith]’s account,” Amex responded.

In subsequent letters between AFCA, Smith, and American Express, the company continued to imply that there had been no inappropriate access or violation of privacy laws. Until the plot shifted. In August, three months after Lee's suspicious activity was discovered, Smith was notified by American Express that Lee had indeed accessed his personal information.  

Lee accessed Smith's private account nine times between February and April of this year, according to digital access logs. American Express then stated that while it was impossible to prevent Lee from accessing the account, he would be disciplined and the account would be monitored to ensure no further intrusions.

“American Express is unable to practically restrict American Express employees from being able to access any specific Card member data. We acknowledge that [Smith] feels uncomfortable with his previous partner access to his personal information and have made every effort to implement controls to further protect his data,” the company wrote in a letter.

In a final decision issued this month, AFCA determined that American Express violated privacy laws by letting Lee access his accounts without authorization both before and after the relationship. It awarded Smith $2000 in damages but did not order an apology or absolve the company of any wrongdoing.

“I am satisfied the financial firm has investigated the matters raised by the complainant, and in the circumstances, it has responded appropriately,” AFCA found.

American Express declined to answer specific questions about how it investigated Smith's complaint or what action it took against Lee, but stated it maintains the "highest levels of integrity" and has cooperated with AFCA.

“Whilst they made a determination against us, they concluded that American Express had investigated and responded appropriately,” the company said. “We are satisfied that this matter poses no risk to the integrity of our systems. Protecting the privacy of our customers and the integrity of our systems remains our utmost priority.”

Current laws allow for fines of up to $2.2 million for each unauthorized access. The federal government is considering raising the penalty to $50 million per breach, which would mean that American Express could have faced penalties totaling $450 million for the nine breaches.

“Companies need to take this issue around unauthorized access to information more seriously because the penalties are significant,” CyberCX privacy law expert David Batch says. “But in reality, the Privacy Commissioner has historically not handed down those fines.”

Smith was informed in October that AFCA's systemic issues team had agreed to investigate American Express's handling of Smith's case. This team investigates serious violations and systemic issues and has the authority to refer cases to other regulators, such as the Privacy Commissioner; however, its findings are a little transparent. AFCA was unable to comment on whether the promised investigation would be carried out.

According to Nigel Phair, Professor of Cybersecurity at the University of New South Wales, the "insider threat" is a major concern for businesses, where the actions of rogue employees can jeopardize the security of the entire organization.

He claims that the government's failure to implement harsh penalties on companies that mishandle their customers' data fosters a culture of impunity among Australian corporations.

For Smith, American Express and the system designed to hold companies accountable have let him down. He now makes a point of only using the card in ways that do not reveal his location. Requests for comment from Lee and Primo Foods were not returned.

*Not his real name. He asked that his identity be kept confidential.

Is it Safe to Use Virtual Credit Cards?


People all over the world use the internet to pay their bills, buy goods and services, and transfer money. This has many benefits, but one major disadvantage is security: millions of people fall victim to fraud and identity theft each year. 

Staying safe online necessitates constant vigilance, secure software, and a variety of skills required to navigate the World Wide Web. However, when it comes to online payments, virtual credit cards can add an extra layer of security. Virtual credit cards are primarily short-term digital cards intended for one-day or even one-time use. A virtual card is linked to a physical credit card or bank account.

It generates a card number, expiration date, and security code at random. As a result, your true information is not visible to or shared with anyone. Consider the following scenario to better understand how virtual credit cards work. You've logged into your preferred e-commerce platform, added various items to your cart, entered your information, and are about to pay. Instead of entering your credit card number, you create a new virtual credit card and enter all of the required information from it.

You learn several weeks later that this e-commerce platform was compromised by an unknown threat actor. The cybercriminal gained access to the company's systems, injected malicious code into the website, and stole user data, including credit card numbers. Your information and bank account, however, are safe because you used a virtual credit card rather than a real, physical card. 

Because the virtual credit card you used has already expired, you can proceed without concern about the breach. This is essentially the purpose of virtual credit cards. They conceal your true identity from threat actors and safeguard you from cybercrime. They obviously provide more privacy than physical credit cards, which is an added bonus.

Virtual credit cards are clearly something that everyone who values their security (and their hard-earned money) should consider. So, how does one go about obtaining one? The answer may be disappointing, but your best option is to contact your bank and inquire about virtual credit cards. Many people nowadays do.

However, if your bank or card issuer is unable to provide you with a virtual credit card for whatever reason, there is another service called Privacy that you could use. It is a simple and easy-to-understand online platform for creating virtual credit cards. Essentially, all you need to do is add a funding source, create a card, and you're ready to go.

Of course, Privacy provides much more. Setting spending limits, creating an online wallet with multiple cards, setting recurring payments (great for subscription services), tracking your spending, and more are all possible with the platform. Privacy also has a mobile app and a Chrome extension, enabling you to access the service from almost any device.

More notably, Privacy is extremely safe. It is PCI-DSS compliant, which means it is held to the same standards as US banks. Internet Protocol Security (IPsec) with AES-256 encryption protects all data center communications, while Transport Layer Security (TLS) protects web traffic. Customers' passwords are hashed, and their data is stored on servers spread across the globe.

Privacy has three different plans: personal, professional, and team. Personal is free, but you can only create 12 virtual credit cards each month. You can make up to 36 cards with Pro and up to 60 with Teams. These two plans charge $10 and $25 per month, respectively.

However, there is one major drawback to Privacy: it is only available to US citizens and legal residents, as well as residents of Puerto Rico, Guam, the Virgin Islands, the Northern Mariana Islands, and American Samoa. According to the company's official website, it is striving to make its services available globally, so keep an ear to the ground if you are not based in the US but require a virtual credit card.

The fact that virtual credit cards cannot be used in person is an evident disadvantage. You can, however, add some virtual credit cards to a safe and dependable mobile wallet and pay that way whenever possible.

The main disadvantage of using virtual credit cards over physical ones is that they are only intended for one-time or one-day use. Furthermore, even if a virtual card is not intended for temporary use, you would need to generate new ones on a regular basis to ensure maximum security. The issue is that if you pay for something online with your virtual credit card and then demand a refund because the goods do not arrive or arrive damaged, you will have no way of getting your money back if the card number has already expired.

Another potential disadvantage is that you sometimes need to utilize the same card to pay for a service. For example, if you make a hotel reservation online using your virtual credit card but do not pay the full amount in advance, the hotel may ask you to pay for your room with the same card you used to book it—which you will be unable to do if your virtual credit card has already expired.

Virtual credit cards are secure, simple to use, free (or, at the very least, inexpensive), and will improve your security and privacy. Most importantly, they will safeguard you against fraud, theft, and other forms of cybercrime.

There is always the potential of having problems getting a refund or something similar, but that is probably a reasonable compromise for most people. And, until you get a virtual credit card, make sure you are familiar with the most common online shopping security threats and how to avoid them.

Over 1M+ Credit Cards Exposed to Criminals on the Dark Web


A recently launched underground marketplace has distributed over 1.2 million credit cards via the dark web.

According to Bleeping Computer, the hackers behind 'BidenCash' have distributed the details of 1,221,551 credit cards in an effort to attract cybercriminals to their platform. The illegal carding market, which is accessible via the dark web, went live in June 2022. This particular marketplace began by leaking thousands of credit cards.

However, in order for its services to gain traction, BidenCash decided to release information for over 1.2 million cards all at once. Stealing and selling credit card information can be lucrative for the individuals involved, as such sensitive data is typically sold in batches. After all, cybercriminals can use the cards to purchase items, withdraw cash from accounts, or simply charge the card itself until the bank realises the transactions are false. 

So, what's the point of BidenCash's giveaway? The solution lies in distributed denial of service (DDoS) attacks on its original domains. As a result, in order to spread the word about new URLs for the service, the hackers are distributing the data for free. In addition to a clearnet domain, they distributed the new URLs via various hacking and social media channels.

In terms of credit cards, the file contains cards with expiry dates ranging from 2023 to 2026. Although some of the cards belonged to non-US residents, the vast majority belonged to Americans. Along with the obvious sensitive data pertaining to the cards, the dump also includes personal information such as email addresses, phone numbers, and the cardholder's address.

According to security analysts, the majority of the 1.2 million cards come from web skimmers, which are scripts found within checkout pages of compromised e-commerce sites that send any credit card information entered directly to the threat actors. As previously stated, credit card fraud is a lucrative business for criminals. Global payments fraud has increased from $9.84 billion in 2011 to a staggering $32.39 billion in 2020, according to Merchant Savvy data.

WooCommerce Credit Card Stealer Found Implanted in Fake Images


Card skimming and card detail theft is a sophisticated attack technique that seldom fails. Earlier this week, cybersecurity researchers at Sucuri uncovered a malicious campaign in which a credit card swiper was injected into WordPress’ wp-settings.php file. WooCommerce customers reported that images were disappearing from the cart almost as soon as they were uploaded.

According to researchers, the credit card skimmer was buried deep in a file named '../../Maildir/sub.main', and it was easy to miss on a casual review. Scammers usually prefer to deploy malicious content out of the way so it is more difficult to detect. A common tactic is to create directories that look like system directories, or to place malware in existing core cPanel or other server directories.

Upon analyzing the malicious file, researchers uncovered over 150 lines of code that had been obfuscated with str_rot13 and base64. Attackers also used multiple functions to store credit card data concealed in the wp-content/uploads/highend/dyncamic.jpg image file. When decoded, that data revealed not only credit card details submitted to the site, but also admin credentials to the site’s backend. 

Injecting card skimmers into WordPress plugin files is the newest trend, avoiding the heavily watched ‘wp-admin’ and ‘wp-includes’ core folders, where most injections are short-lived. It is one of the most lucrative and stealthy attack tactics employed by scammers to make money.

There are a couple of reasons why storing the stolen data in an image file is a useful tactic. The primary reason is that it makes it very easy for scammers to download the stolen details in their browser or a console. Secondly, most website/server malware detection scans focus on website file extensions such as PHP, JS, and HTML. Image files, particularly those in wp-content/uploads subdirectories, can sometimes be overlooked.

“Scammers are aware that most security plugins for WordPress contain some way to monitor the file integrity of core files (that is, the files in wp-admin and wp-includes directories). This makes any malware injected into these files very easy to spot even by less experienced website administrators. The next logical step for them would be to target plugin and theme files,” researchers explained.
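As an added example (not code from the researchers' write-up or from this post), the following Python script shows one way a site owner could cover the gap described above: it walks an uploads directory and flags files that carry an image extension but do not start with that format's signature, or that consist of plain text. The function names, the 0.95 text threshold and the demo tree are assumptions; the demo files are constructed in a temporary directory, reusing the path named in the report.

```python
import base64
import tempfile
from pathlib import Path

# File signatures ("magic bytes") for common upload image formats.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Printable ASCII plus tab, LF and CR: what encoded text dumps are made of.
TEXT_BYTES = frozenset(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}
TEXT_RATIO = 0.95  # assumed threshold; real images are mostly non-text bytes


def inspect_image(path, sample_size=4096):
    """Return the reasons a file with an image extension looks wrong."""
    suffix = Path(path).suffix.lower()
    if suffix not in MAGIC:
        return []  # not an image extension, out of scope for this check
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if not head:
        return ["empty file"]
    reasons = []
    if not head.startswith(MAGIC[suffix]):
        reasons.append("header does not match extension")
    if sum(b in TEXT_BYTES for b in head) / len(head) >= TEXT_RATIO:
        reasons.append("content is plain text")
    if b"<?php" in head.lower():
        reasons.append("contains PHP open tag")
    return reasons


def scan_uploads(root):
    """Map each suspicious file (path relative to root) to its reasons."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            reasons = inspect_image(path)
            if reasons:
                findings[path.relative_to(root).as_posix()] = reasons
    return findings


def build_demo_tree(root):
    """Create a constructed uploads tree: two plausible images, one text dump."""
    uploads = Path(root) / "wp-content" / "uploads"
    (uploads / "highend").mkdir(parents=True)
    (uploads / "2022").mkdir()
    # Constructed stand-ins for real images: valid signature + binary bytes.
    (uploads / "2022" / "logo.png").write_bytes(
        b"\x89PNG\r\n\x1a\n" + bytes(range(256)))
    (uploads / "2022" / "banner.jpg").write_bytes(
        b"\xff\xd8\xff\xe0" + bytes(range(255, -1, -1)))
    # Constructed placeholder: base64 text lines saved under a .jpg name.
    record = base64.b64encode(b"constructed-placeholder-record")
    (uploads / "highend" / "dyncamic.jpg").write_bytes((record + b"\n") * 20)
    return uploads


def demo():
    """Scan the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_uploads(build_demo_tree(tmp))


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"{name}: {', '.join(reasons)}")
```

Point `scan_uploads` at a real `wp-content/uploads` directory to run the same check on a live site; a hit is a lead for manual review, not proof of compromise.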

Latest Phishing Campaign Deploys Malware and Steals Critical Information

A massive phishing campaign is targeting Windows PCs and aims to deploy malware that can steal usernames, passwords, the contents of crypto wallets, and credit card details. The malware, named RedLine Stealer, is offered as a malware-as-a-service scheme, giving amateur-level cybercriminals the option to steal various kinds of critical personal information for as much as $150. The malware first surfaced in 2020, but RedLine recently added a few additional features and was widely spread in large-scale spam campaigns in April.

The phishing email campaign includes a malicious attachment which, if activated, starts the process of deploying malware. Hackers target users (mostly) from Europe and North America. The campaign uses an exploit for CVE-2021-26411, a vulnerability in Internet Explorer, to deliver the payload. The vulnerability was disclosed and patched last year, which limits the malware's impact to users who have yet to install the security updates. Once executed, RedLine Stealer performs initial reconnaissance against the target system, looking for information that includes usernames, the type of browser the user has, and whether an antivirus is running on the system.

After that, it finds information to steal and then extracts passwords, credit card data, and cookies stored in browsers, crypto wallets, VPN login credentials, chat logs, and information from files. RedLine can be bought on the dark web, where hackers are offered the service at different tiers, which shows how easy it has become to buy malware. Even novice hackers can rent the software for $100 or get a lifetime subscription for $800.

The malware is very simple but very effective, as it can steal vast amounts of data, and inexperienced hackers can take advantage of this. ZDNet reports "it's possible to protect against Redline by applying security patches, particularly for Internet Explorer, as that will prevent the exploit kit from taking advantage of the CVE-2021-26411 vulnerability." Users should keep their operating systems, antivirus software, and apps updated to prevent known vulnerabilities from being exploited to distribute malware.

1.8 Million People's Credit Card Information was Stolen from Sports Gear Sites


Four well-known affiliated online sports equipment websites recently disclosed a significant cyberattack in which hackers compromised and stole the credit card information of over 1.8 million customers. A law firm representing these four sports gear websites revealed that on October 1st, 2021, a data breach occurred in which hackers compromised personal and credit card information; for the time being, the firm has shared only this much detail.

Tackle Warehouse LLC (fishing gear), Running Warehouse LLC (running apparel), Tennis Warehouse LLC (tennis apparel), and Skate Warehouse LLC (skateboards and skating apparel) are the affected websites. Full names, financial account numbers, credit card numbers (with CVV), debit card numbers (with CVV), and website account passwords have all been compromised as a result of this incident.

On the 15th of October, these sites discovered that they had been compromised, and on the 29th of November, they told their consumers about the data breach, in which hackers obtained the credit card information of over 1.8 million customers. Finally, on December 16th, they notified and sent security alerts to all affected persons.

Because none of the notices published to impacted customers provide any information about the nature of the incident, the actual means by which the data was obtained remains unknown. However, as stated in the description, "External system breach (hacking)," this appears to be a database breach rather than the installation of card skimmers on the websites, though both situations are possible.

Tackle’s notification states, “Upon becoming aware of the incident, Tackle Warehouse took the measures. We also reported the incident to the payment card brands in an attempt to prevent fraudulent activity on the affected accounts. However, we have reported this incident to law enforcement and have worked closely with the digital forensics and security firms to enhance the security of our sites to facilitate safe and secure transactions.” 

Customers who made a purchase from one of these four compromised websites should treat incoming communications with vigilance, keep an eye on their bank account and credit card statements, and report any unusual activity right away, said the security researchers. Aside from that, they stated that the compromised data is extremely sensitive, but that the portals have not yet offered any identity protection services to their affected clients.

Wawa Paying $9 Million in Cash, Gift Cards in Data Breach Settlement

The Wawa convenience store chain is paying out up to $9 million in cash and gift cards to customers who were affected by a previous data breach, as reimbursements for their loss and inconvenience. 

The affected customers can request gift cards or cash that Wawa is paying out to settle a lawsuit over the security incident. Here's everything you need to learn about the proposed class action settlement – who's eligible, how to submit a claim for cash or a gift card, and how to object to the deal. 

Customers who used their payment cards at any Wawa store or gas pump during the data breach, but were not impacted by the fraud, qualify to receive a $5 gift card as compensation. These claimants are referred to as 'Tier One Claimants'.

However, the claimants will be required to submit proof of the purchase they made at a Wawa store or fuel pump between March 04, 2019, and December 12, 2019 – when the data breach occurred – in order to claim the gift card. Customers would essentially be required to provide proof of the transaction date, preferably a store receipt or a bank statement, or a screenshot from the relevant bank or credit card company website or app.

The next category of claimants, referred to as 'Tier Two Claimants' could receive a gift card worth $15 if they show reasonable proof of an actual or attempted fraudulent charge on their debit or credit card post-transaction. 

The last category of claimants, referred to as 'Tier Three Claimants', qualify to receive a cash reimbursement of up to $500 if they provide reasonably documented proof of money they spent in connection with the actual or attempted fraudulent transaction on their payment card. It must be reasonably attributed to the data breach incident.

During the 9-month span of the data breach, around 22 million class members made a financial transaction at one of the Wawa stores. Customers have been given a deadline of November 29, 2021, to submit a claim for compensation. By doing so, they are giving up their right to sue Wawa over the 2019 security incident.

Those who wish to retain their right to sue the company over the security incident and do not wish to receive the payment will be required to exclude themselves from the class. The deadline given for the same is November 12, 2021. 

What is this settlement for?

In 2019, the Wawa convenience store chain experienced a data breach wherein cybercriminals hacked their point-of-sale systems to install malware and steal customers' card info. As the fraud impacted Wawa's 850 locations along the East Coast, the U.S based convenience store company found itself buried in a series of lawsuits. One of which – filed by the law firm Chimicles Schwartz Kriner & Donaldson-Smith, of Haverford – claimed that the data breach “was the inevitable result of Wawa's inadequate data security measures and cavalier approach to data security.”

The massive data breach, which lasted for nine months, affected in-store payments and payments at fuel pumps, including “credit and debit card numbers, expiration dates, and cardholder names on payment cards.” Meanwhile, hackers also attempted to sell the stolen financial data on the dark web.

As a result, the police were called in to investigate, and the organization also conducted an internal investigation, appointing a forensics firm to carry it out.

Stolen Credit Card Data Hidden in Images by Magecart Hackers for Vague Exfiltration


Magecart-affiliated cybercriminals have adopted a new approach for obfuscating malware code within comment blocks and embedding stolen credit card data into pictures and other files stored on the site, illustrating how attackers are always upgrading their infection chains to avoid detection. 

Sucuri Security Analyst, Ben Martin, stated in a write-up, "One tactic that some Magecart actors employ is the dumping of swiped credit card details into image files on the server [to] avoid raising suspicion. These can later be downloaded using a simple GET request at a later date." 

Magecart is an umbrella name for several gangs of hackers that attack e-commerce websites intending to steal credit card data and sell them on the black market by injecting malicious JavaScript skimmers. 

Sucuri connected the assault to Magecart Group 7 based on similarities in the threat actor's tactics, techniques, and procedures (TTPs). In one instance of a Magento e-commerce website infection analyzed by the GoDaddy-owned security business, the skimmer was located in one of the PHP files involved in the checkout process, in the form of a Base64-encoded compressed string.

Furthermore, the attackers are claimed to have utilized a method known as concatenation, in which the code was merged with extra comment portions that "does not functionally do anything but adds a layer of obfuscation making it more difficult to detect.” 

The attacks' ultimate objective is to collect customers' payment card information in real-time on the hacked website, which is then stored to a fake style sheet file (.CSS) on the server and then downloaded by the threat actor via a GET request. 

Martin added, "Magecart is an ever-growing threat to e-commerce websites. From the perspective of the attackers: the rewards are too large and consequences non-existent, why wouldn't they? Literal fortunes are made [by] stealing and selling stolen credit cards on the black market."

Herff Jones Credit Card Breach: College Students Across the US Affected


Graduating students from many universities in the United States have reported fraudulent transactions after using payment cards at Herff Jones, a prominent cap and gown seller. Following the initial reports last Sunday, the company launched an investigation to assess the scope of the data breach. 

The complaints persisted this week, prompting others to review their credit card statements for fraudulent charges. Students at universities in Indiana (Purdue, IU), Boston, Maryland (Towson University), Houston (UH, UHD), Illinois, Delaware, Michigan, Wisconsin, Pennsylvania (Lehigh, Misericordia), New York (Cornell), Arizona (Wake Forest), Florida (State University), and California (Sonoma State) are affected by the issue. 

Herff Jones was entirely unaware of the data violation until students began to complain about fraudulent charges to their payment cards on social media. They all had one thing in common: they were graduating students who had purchased commencement gear at Herff Jones. Some of them had to withdraw their payment cards and file a dispute with the bank over the fraudulent charges. 

Apart from delivery delays, the students said that they had been charged fraudulently for amounts ranging from tens of dollars to thousands of dollars. While the majority of reports indicate losses ranging from $80 to $1,200, one student said that a friend was charged $4,000. 

“Someone just bought a ps5 with my card info and I respect the hustle,” stated one student.  

A parent chimed in saying that their “daughter and about 30 other graduates that she knows of at her school (not Purdue) have had their debit cards compromised through HJ [Herff Jones].” 

According to one Cornell University senior, their credit card was stolen, and fraudsters attempted to charge $3,000 to "asics" and use it on adult content subscription service OnlyFans. Although the exact date of the Herff Jones violation is unknown, some of the earliest transactions date from the beginning of the month. Several students reported that they bought graduation products in April. 

Herff Jones released a statement on May 12th acknowledging the payment card data breach and apologizing for the incident.

Herff Jones said in a statement, “We sincerely apologize to those impacted by this incident. We are working diligently to identify and notify impacted customers.” The company is investigating the incident with the help of “a leading cybersecurity firm.”

The User Data of Swarmshop Card Shop has been Leaked Online


The details of the Swarmshop Darknet payment card market have been removed for the second time in two years and published on a competing underground website. The breach includes all of Swarmshop's records and all the data exchanged on the platform with the stolen credit card. 

Group-IB, the global threat hunting business, detected that Swarmshop credit card shop consumer data was leaked on the internet on 17 March 2021. According to Group-IB, details of 623,036 bank cards issued by banks in the US, Canada, United Kingdom, China, Singapore, France, Brazil, Saudi Arabia, and Mexico were included in the Swarmshop dump.

Swarmshop appears to have been a typical illegal online marketplace where cybercriminals could buy and sell stolen card and banking information. It remains unclear who extracted this information, or how and when. The leak revealed massive amounts of data, including records on four website operators, 90 sellers, and 12,250 purchasers. The researchers wrote, “The dump included criminals' nicknames, hashed passwords and account balance and contact details for some entries.”

The researchers also found “498 sets of online banking account credentials and 69,592 sets of US Social Security Numbers and Canadian Social Insurance Numbers.”

Whoever breached Swarmshop gave no warning and only posted a message with a link to the database. At first, the administrators of the card shop claimed that the information was linked to a prior breach of the platform by a hacker in January 2020. However, users were asked to change their passwords. Group-IB reviewed the current dump and found it to be new, based on the most recent timestamps of user activity.

“While underground forums get hacked from time to time, card shop breaches do not happen very often,” Dmitry Volkov, Group-IB’s CTO, said in a statement. “In addition to buyers’ and sellers’ data, such breaches expose massive amounts of compromised payment and personal information of regular users.” 

For decades, hackers have hacked other hackers. It seems simpler for them to obtain new hacking tools, dumps, cards, PII, and other valuable goods from the people who stole them in the first place. It is not surprising that Swarmshop has been successfully breached several times. Like everybody else, cybercriminals have security problems. It only shows that cybersecurity is a hard problem regardless of who you are.

In Swarmshop's case, researchers seem to think that the attack is the work of another criminal. About one year ago, the site underwent a similar attack in which a set of information was also compromised. No matter who is responsible, researchers believe that the breach will affect Swarmshop's standing in the cybercrime underground.

Credit Card Hacking Forum Data Breach Exposes 300,000 User Accounts


According to the website ‘Have I Been Pwned’, Carding Mafia, a platform for stealing and trading credit cards, has been compromised, exposing nearly 300,000 user accounts. However, Motherboard reports that there was no indication that its users were warned on either the Carding Mafia forum or its community Telegram channel. According to forum data, Carding Mafia has more than 500,000 users.

The breach potentially exposed 297,744 users' e-mail addresses, IP addresses, usernames, and hashed credentials. The authenticity of the stolen data was verified by the founder of Have I Been Pwned, Troy Hunt. Hunt stated that the carding site's 'forgot password' feature recognized e-mail addresses from the leak but did not recognize other, random e-mail addresses. According to Motherboard, when an unknown e-mail address is submitted, the carding website shows a notification that reads, “you have not entered an email address that we recognize.”

The data reportedly hacked from this carding forum was 990 GB in size and comprised 660,000 artworks and 130,000 threads, according to the screenshots shared by Motherboard. The alleged hacker offered the database through their inbox for free. Researchers noticed some months ago that many cybercrime payments were being shifted to private messaging applications to avoid alerting law enforcement and the security researchers who typically warn compromised organizations.

It is not unusual for hackers to post stolen data publicly on popular hacking forums to gain "street cred" or a reputation. They can use this credibility to back their claims about data or even to request premium prices. Hackers find it harder to sell hacked information individually, and the data brokers they would otherwise use charge over-generous fees.

Hacker-on-hacker cybercrime is a common way to stifle competition from rival gangs offering similar services. It may also be a simple way to get gigabytes of compromised data free of charge or to boost the hacker's credibility. IP information could help law enforcement agencies identify the whereabouts of cybercriminals, although most criminals use VPN services to hide their real internet addresses. To register on hacking websites, hackers also use untraceable email addresses from vendors including Mailinator. However, inexperienced hackers are likely to make the mistake of logging in from their actual IP addresses or using real email addresses on carding sites.

Meanwhile, Ilia Kolochenko, Founder and Chief Architect at ImmuniWeb, says: “Most of the compromised accounts have fake data and IPs from anonymous VPNs or proxies that are not likely to bring much actionable evidence to law enforcement agencies for investigation. Moreover, even the Western law enforcement agencies are currently underequipped to investigate and prosecute cybercrime on a large scale and will probably not initiate investigatory operations after the leak.”

Outdated Magento 1 Witnessed Credit Card Skimming Threats


Magento is an open-source e-commerce platform that gives online merchants a scalable shopping cart system and control over their online store's layout, content, and features. In the fall of 2020, threat actors began leveraging a flaw in the ‘Magento 1’ branch, which is no longer maintained.

Thousands of retailers worldwide on the platform are encouraged to upgrade to ‘Magento 2’, as thousands of e-commerce shops were hacked and infected with credit card skimming code. While tracking events related to the ‘Magento 1’ campaign, researchers observed an e-commerce shop that was attacked twice by skimmers.

In this particular incident, the threat actors devised a version of their script that is aware of sites already injected with the Magento 1 skimmer. The second skimmer simply collects the credit card data from the pre-existing fake form that was injected by the earlier actors.

“A large number of Magento 1 sites have been hacked but yet are not necessarily being monetized,” stated the researcher at Malwarebytes. He further added, “Other threat actors that want access will undoubtedly attempt to inject their own malicious code. When that happens, we see criminals trying to access the same resources and sometimes fighting with one another.”

The end-of-life of Magento 1, paired with a well-known exploit, was an immense boon for threat actors. Many sites were indiscriminately compromised merely because they were vulnerable. RiskIQ has attributed these cases to Magecart Group 12, which has a long history of web skimming and uses diverse tactics, including supply chain attacks.

Two web skimmers have been found on the payment pages of Costway, one of the leading retailers in North America and Europe, which sells appliances, furniture, etc. The skimmers seek to capture consumers' credit card payment information. “Our crawlers identified that the websites for Costway France, U.K., Germany, and Spain, which run the Magento 1 software, had been compromised around the same time frame,” said researchers.

On the Costway check-out page, the researchers noticed the credit card skimmer injection, which stands out because it is in English while the majority of the site is in French. This is no surprise considering the automated and very indiscriminate nature of the Magento 1 hacking campaign.

The threat to victims is huge, as researchers report that in December 2020 alone, Costway's French portal (Costway[.]fr) received approximately 180K visitors. There is also a second skimmer on the site (loaded externally from securityxx[.]top) that targets the Magento 1 skimmer.

Many Magento 1 websites have been compromised, but they are not monetized yet. Additional attackers will certainly continue to inject their own malicious code.
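Because the second skimmer described above was loaded from an external domain, one defensive check is to audit which hosts a checkout page pulls scripts from. The following is an added example, not code from the researchers or from Magento; the page URL, the host names and the allowlist are constructed placeholders, and it only covers externally loaded scripts, not code injected inline.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed checkout page; all hosts are placeholders, not taken from the incident.
SAMPLE_CHECKOUT = """
<html><head>
<script src="/js/mage/cookies.js"></script>
<script src="https://cdn.shop.example/checkout.js"></script>
<script src="//static.skimmer.example/gate.js"></script>
</head><body><form id="payment"></form>
<script src="HTTPS://Payments.Psp.Example/v3/sdk.js"></script>
</body></html>
"""

class _ScriptSources(HTMLParser):
    """Collects the src attribute of every <script> tag in the document."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def unexpected_script_hosts(html, page_url, allowed_hosts):
    """Return (host, src) for each script loaded from a host that is neither
    the page's own host nor on the reviewed allowlist."""
    parser = _ScriptSources()
    parser.feed(html)
    allowed = {h.lower() for h in allowed_hosts} | {urlparse(page_url).hostname}
    findings = []
    for src in parser.sources:
        # urljoin resolves relative and protocol-relative (//host/...) sources;
        # .hostname is lower-cased, so the comparison is case-insensitive.
        host = urlparse(urljoin(page_url, src)).hostname
        if host not in allowed:
            findings.append((host, src))
    return findings
```

Run against a saved copy of each storefront's payment page on a schedule, a new entry in the result is a prompt to review what changed on the page.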

Clothing Brand 'The North Face' Hit By Credential Stuffing Attack, Suffers Data Breach


After The North Face's website faced a credential stuffing attack, the company reset its customers' credentials. In a recent cybersecurity incident, The North Face informed its customers that it had suffered a data breach. On its website, customers can browse clothing and accessories collections and buy apparel; they can also earn loyalty points on purchases. Further inquiry revealed that hackers attacked The North Face on 8th and 9th October.

The North Face says, "we strongly encourage you not to use the same password for your account at that you use on other websites because if one of those other websites is breached, your email address and password could be used to access your account at Besides, we recommend avoiding using easy-to-guess passwords." In credential stuffing, attackers target users who reuse their login credentials across different accounts or platforms. They take IDs and passwords stolen in other attacks, for instance a data breach, and try them against other websites to gain unauthorized access. The entire process is mostly automated, and attackers have refined their strategies and gained leverage in these types of attacks.

Hackers have been successful in stealing data from prominent organizations like Dunkin' Donuts, which suffered two cyberattacks in three months. Based on its investigation, The North Face believes it is probable that the hackers stole user credentials from another source or website and used that information to attack the company's user accounts. According to StatSocial, The North Face leads the U.S. market in the clothing and accessories segment, generating $2 Billion of the total $4 Billion revenue in 2019.

The company didn't reveal the number of customers attacked; however, SimilarWeb says that The North Face website had 6.96 Million customers in October. "We do not believe that the attacker obtained information from us that would require us to notify you of a data security breach under applicable law, but we are notifying you of the incident voluntarily, out of an abundance of caution," says The North Face.
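The credential stuffing pattern described above (automated logins that try reused credentials across many accounts) looks different in authentication logs from a customer mistyping a password or a brute-force run against one account. The detector below is an added example, not The North Face's tooling; the event format, thresholds, addresses and usernames are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, source_ip, username, login_succeeded)
SAMPLE_EVENTS = (
    # Stuffing: one source, a different username on every try, one hit.
    [(1000 + i * 3, "203.0.113.7", f"user{i}@example.com", i == 4) for i in range(12)]
    # A customer mistyping a password, then succeeding: several tries, one account.
    + [(1005 + i * 20, "198.51.100.20", "alice@example.com", i == 3) for i in range(4)]
    # Brute force against a single account: many tries, one username.
    + [(1010 + i, "192.0.2.50", "bob@example.com", False) for i in range(30)]
)

def flag_stuffing_sources(events, window_s=600, min_users=10, max_tries_per_user=2.0):
    """Return {source_ip: sorted usernames that logged in} for sources whose
    traffic looks like credential stuffing: many distinct usernames inside a
    short window, with only one or two password tries per username."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window so it spans at most window_s seconds.
            while rows[end][0] - rows[start][0] > window_s:
                start += 1
            window = rows[start:end + 1]
            users = {user for _, user, _ in window}
            if len(users) >= min_users and len(window) / len(users) <= max_tries_per_user:
                # Accounts that authenticated from this source need a forced reset.
                flagged[ip] = sorted({u for _, u, ok in rows if ok})
                break
    return flagged
```

The usernames returned for a flagged source are the accounts to reset and notify first; attempts spread across many source addresses need the same test keyed on another attribute, such as client fingerprint.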