#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

hacking credit cards | Breaking Cybersecurity News | The Hacker News

Wawa Breach: Hackers Put 30 Million Stolen Payment Card Details for Sale

Wawa Breach: Hackers Put 30 Million Stolen Payment Card Details for Sale

Jan 30, 2020
Remember the recent payment card breach at Wawa convenience stores ? If you're among those millions of customers who shopped at any of 850 Wawa stores last year but haven't yet hotlisted your cards, it's high time to take immediate action. That's because hackers have finally put up payment card details of more than 30 million Wawa breach victims on sale at Joker's Stash, one of the largest dark web marketplaces where cybercriminals buy and sell stolen payment card data. As The Hacker News reported last month, on 10th December Wawa learned that its point-of-sale servers had malware installed since March 2019, which stole payment details of its customers from potentially all Wawa locations. At that time, the company said it's not aware of how many customers may have been affected in the nine-month-long breach or of any unauthorized use of payment card information as a result of the incident. Now it turns out that the Wawa breach marked itself in the
Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks

Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks

Jan 25, 2020
The Indonesian National Police in a joint press conference with Interpol and cybersecurity firm Group-IB earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers. Dubbed ' Operation Night Fury ,' the investigation was led by Interpol's ASEAN Cyber Capability Desk, a joint initiative by law enforcement agencies of Southeast Asian countries to combat cybercrime. According to the press conference, all three accused (23, 26, and 35 years old) were arrested last year in December from Jakarta and Yogyakarta and charged with criminal laws related to the data theft, fraud, and unauthorized access. "The operation is still ongoing in the other five ASEAN countries with which the intelligence was also shared. This case marks the first successful multi-jurisdictional operation against the operators of JavaScript-sniffers in the re
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Capital One Data Breach Affects 106 Million Customers; Hacker Arrested

Capital One Data Breach Affects 106 Million Customers; Hacker Arrested

Jul 30, 2019
Another week, another massive data breach. Capital One, the fifth-largest U.S. credit-card issuer and banking institution, has recently suffered a data breach exposing the personal information of more than 100 million credit card applicants in the United States and 6 million in Canada. The data breach that occurred on March 22nd and 23rd this year allowed attackers to steal information of customers who had applied for a credit card between 2005 and 2019, Capital One said in a statement. However, the security incident only came to light after July 19 when a hacker posted information about the theft on her GitHub account. The FBI Arrested the Alleged Hacker The FBI arrested Paige Thompson a.k.a erratic, 33, a former Amazon Web Services software engineer who worked for a Capital One contractor from 2015 to 2016, in relation to the breach, yesterday morning and seized electronic storage devices containing a copy of the stolen data. Thompson appeared in U.S. District Court o
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code

In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code

Apr 03, 2019
In a world that's growing increasingly digital, Magecart attacks have emerged as a key cybersecurity threat to e-commerce sites. Magecart, which is in the news a lot lately, is an umbrella term given to 12 different cyber criminal groups that are specialized in secretly implanting a special piece of code on compromised e-commerce sites with an intent to steal payment card details of their customers. The malicious code—well known as JS sniffers, JavaScript sniffers, or online credit card skimmers—has been designed to intercept users' input on compromised websites to steal customers' bank card numbers, names, addresses, login details, and passwords in real time. Magecart made headlines last year after cybercriminals conducted several high-profile heists involving major companies including British Airways , Ticketmaster , and Newegg , with online bedding retailers MyPillow and Amerisleep being recent victims of these attacks. The initial success of these attacks alread
OnePlus confirms up to 40,000 customers affected by Credit Card Breach

OnePlus confirms up to 40,000 customers affected by Credit Card Breach

Jan 19, 2018
OnePlus has finally confirmed that its online payment system was breached, following several complaints of fraudulent credit card transactions from its customers who made purchases on the company's official website. In a statement released today, Chinese smartphone manufacturer admitted that credit card information belonging to up to 40,000 customers was stolen by an unknown hacker between mid-November 2017 and January 11, 2018. According to the company, the attacker targeted one of its systems and injected a malicious script into the payment page code in an effort to sniff out credit card information while it was being entered by the users on the site for making payments. The malicious script was able to capture full credit card information, including their card numbers, expiry dates, and security codes, directly from a customer's browser window. " The malicious script operated intermittently, capturing and sending data directly from the user's browser. It ha
Forever 21 Warns Shoppers of Payment Card Breach at Some Stores

Forever 21 Warns Shoppers of Payment Card Breach at Some Stores

Nov 15, 2017
Another day, another data breach. This time a fast-fashion retailer has fallen victim to payment card breach. American clothes retailer Forever 21 announced on Tuesday that the company had suffered a security breach that allowed unknown hackers to gain unauthorized access to data from payment cards used at a number of its retail locations. The Los Angeles based company, which operates over 815 stores in 57 countries, didn't say which of its stores were affected, but it did note that customers who shopped between March and October this year may be affected. Forever 21 learned of the breach after the retailer received a report from a third-party monitoring service, suggesting there may have been "unauthorized access to data from payment cards that were used at certain FOREVER 21 stores." Besides this, the company also revealed that it implemented encryption and token-based authentication systems in 2015 that are intended to protect transaction data on its point-
US Court Sentences Russian Lawmaker's Son to 27 Years in Jail for Hacking

US Court Sentences Russian Lawmaker's Son to 27 Years in Jail for Hacking

Apr 22, 2017
The son of a prominent Russian lawmaker was sentenced on Friday by a US federal court to 27 years in prison after being convicted of stealing millions of US credit card numbers and causing some $170 million in damages to businesses and individuals. This sentence is so far the longest sentence ever imposed in the United States for a hacking-related case. Roman Valeryevich Seleznev , 32, the son of a Russian Parliament member of the nationalist Liberal Democratic Party (LDPR), Valery Seleznev, was arrested in 2014 while attempting to board a flight in the Maldives and then extradited to the United States. Upon arrest, federal authorities retrieved a computer that contained over 1.7 million stolen credit card numbers. Seleznev, also went by the moniker 'Track2' online, was convicted in August 2016 of 38 charges related to stolen credit card details, which include: 10 counts of Wire Fraud 9 counts of possession of 15 or more unauthorized access devices 9 counts of o
Russian Lawmaker's Son Convicted of Stealing 2.9 Million Credit Card Numbers

Russian Lawmaker's Son Convicted of Stealing 2.9 Million Credit Card Numbers

Aug 29, 2016
The son of a prominent Russian lawmaker has been found guilty in the United States of running a hacking scheme that stole and sold 2.9 million US credit card numbers using Point-of-Sale (POS) malware, costing financial institutions more than $169 Million. Roman Seleznev , 32, the son of Russian Parliament member Valery Seleznev, was arrested in 2014 while attempting to board a flight in the Maldives, which sparked an international dispute between American and Russian authorities, who characterized the extradition as a " kidnapping ." Prosecutors introduced evidence from a corrupted laptop seized by the authorities at the time of his arrest.  "I don't know of any case that has allowed such outrageous behavior," said his lawyer, John Henry Browne. Also Read: How to Freeze Credit Report To Protect Yourself Against Identity Theft . According to the Department of Justice, Seleznev, who also went by the moniker ' Track2 ' online, was convicted in
Over 1000 Wendy's Restaurants Hit by Credit Card Hackers

Over 1000 Wendy's Restaurants Hit by Credit Card Hackers

Jul 08, 2016
The Popular fast-food restaurant chain Wendy's on Thursday admitted that a massive cyber attack had hit more than 1,000 of its restaurants across the country. The burger chain did not speculate how many people may have been affected, though it did confirm that the hackers were able to steal its customers' credit and debit card information. The data breach is more than three times bigger than initially thought. The original data breach was believed to have affected " fewer than 300 " of its 5,144 franchised locations in the United States when the malware was discovered in May. The Malware had been installed on Point-of-Sale (PoS) systems in the affected restaurants and was able to obtain cardholder's name, payment card number, expiration date, service code, cardholder verification value, among other data. The data breach began in fall 2015 and discovered in February this year, and the company went public with in May. Just last month, Wendy's s
Researcher spots an ATM Skimmer while on vacation in Vienna

Researcher spots an ATM Skimmer while on vacation in Vienna

Jun 26, 2016
We have heard a lot about ATM skimmers, but it's nearly impossible to spot one. Some skimmers are designed to look exactly like the card slot on the original machine and attached to the front, and others are completely hidden inside the ATM. But, during his vacation in Vienna, Austria, cyber security expert Benjamin Tedesco spotted an ATM skimmer that was totally unrecognizable. Tedesco was hanging out in Vienna and when about to draw some cash from a cash machine outside St. Stephen's Cathedral, he decided to do a quick visual inspection of the ATM machine and surprisingly spotted the dodgy device attached to it. Warning: Beware of Skimming Devices Installed on the ATM Vestibule Doors . That was a credit card skimmer – a perfect replica of the actual card reader that was designed to steal credit card information of users when they swipe their card to take off cash from the ATM. "Being security paranoid, I repeated my typical habit of checking the card read
Watch Video: How Hacker Installs a Credit Card Skimmer in 3 Seconds

Watch Video: How Hacker Installs a Credit Card Skimmer in 3 Seconds

Mar 15, 2016
Card Skimmers have been around for years, but the video posted below is a perfect example of the evolution of the technology used by thieves. The video released by Miami Beach Police involved two men who work as a team to install a credit card Skimmer on top of a card terminal at a local gas station in LESS THAN 3 SECONDS . Yes, in just less than 3 seconds hackers can turn a regular credit and debit card reader into a Skimmer – a device designed to secretly steal a victim's credit or debit card information. The two men were caught on video by a security camera, but it all happened so fast that one might have to rewatch the video to actually catch the crime. Miami Beach Police have published the video of the cyber crook and his partner, who was tasked with distracting the station's clerk, in the hopes that someone recognizes the criminals and helps track them down. Video Demonstration: Here's What Happened: The incident took place on We
Hacker Finds How Easy Is to Steal Money Using Square Credit-Card Reader

Hacker Finds How Easy Is to Steal Money Using Square Credit-Card Reader

Aug 04, 2015
Next time just be careful while swiping your credit card at small retailers or trendy stores that use Square Reader to accept credit card payments. The increasingly popular and widely used Square Reader can be easily turned into a skimming device that can be used to steal your credit card data, a group of researchers warned. Square Reader is a tiny device that allows small retailers to easily accept credit and debit card payments without having to spend the money on the traditional point of sale systems. However, despite its convenience, this cheap and easy-to-use alternative has a critical flaw that could allow anyone to easily steal your payment card information. All an attacker need is a screwdriver, superglue, and roughly 10 minutes to turn the latest generation Square Reader into a tiny, portable card skimmer . Converting a New Generation Square Reader into a Card Skimmer? A team of three security researchers from Boston University has discovered a w
Let's Take a Selfie to Shop Online With MasterCard

Let's Take a Selfie to Shop Online With MasterCard

Jul 03, 2015
Difficulty in remembering complicated Passwords? Forget Passwords and Fingerprints now – and get ready to authenticate your online purchases with your SELFIES . MasterCard is experimenting a new app that would let you make online purchases by taking a selfie rather than typing a password, moving a step forward in the mobile payments evolution. This experimental ID Check security system uses the front camera of your mobile phone and "facial recognition" technology to get your payment done with a quick shot of your face. And MasterCard thinks this generation people will love it. " The new generation, which is into selfies...I think they will find it cool, " MasterCard President of Enterprise Safety and Security Ajay Bhalla told CNNMoney. " They'll embrace it ." How this new feature works? MasterCard will provide you a new mobile app to download in order to use the feature. After you make an online payment, the new app will
Hackers Exploit Zero-Day Magento Vulnerability to Steal Your Credit Cards

Hackers Exploit Zero-Day Magento Vulnerability to Steal Your Credit Cards

Jun 29, 2015
Hackers are increasingly exploiting an unknown flaw to siphon payment card information from e-commerce websites that use Magento , the most popular e-commerce platform owned by eBay. Security researchers at Sucuri are still investigating the attack vector, but they believe that cyber criminals are injecting malicious code into the Magento core file or some widely used module/extension in order to steal payment card data. Back in April, a critical Remote Code Execution Flaw in Magento allowed hackers to fully compromise any online store powered by Magento and thereby gain access to credit card data and other financial, and personal information related to the customers. Credit Card Stealers? Now, Sucuri senior malware researcher Peter Gramantik have found an attack script that pilfers the content of every POST request and identifies valuable payment card data before storing it in an encrypted form that only the attacker can decrypt. Moreover, to evade detection,
Why Protecting Your Magento Ecommerce Website Is So Damn Important

Why Protecting Your Magento Ecommerce Website Is So Damn Important

Apr 16, 2015
The Market of E-commerce websites is at its peak, as today people love to shop online to save their time. However, E-commerce and financial sites stand first in the rundown of potential victims as they manage financial exchanges. The traditional way to target victims of e-commerce sites is to use targeted "phishing" attacks via social media and emails. But… …due to increased awareness among the people about the threat of phishing attacks, hackers have now discovered new way — by malvertising legitimate websites where people assume to be safe and secure. We know: Today, there are many ready-to-use e-commerce platforms available on the Internet that are very easy to install and manage and that too at no extra cost; ' Magento ' is one of the most popular out of them. The most popular, the most targeted: Yes! Security researchers at Sucuri have found a malicious code inside the Magento e-commerce website that was intended to send all the data
Hacker Who Stole Money From Bill Gates Arrested in Philippines

Hacker Who Stole Money From Bill Gates Arrested in Philippines

Apr 13, 2015
What if you get into the bank account of the World's most richest person? Maybe it could be difficult for you as well as I. But not for this guy… ... Konstantin Simeonov Kavrakov , a Bulgarian hacker, who hacked into the ATM and stole thousands of dollars from the bank account of Microsoft mogul Bill Gates with fake ATM cards arrested in Philippines, according to the Philippine National Police. The 31-year-old man was arrested red-handed by the Philippine National Police while he was withdrawing cash from an ATM using fake cards. He had stolen tens of thousands of dollars from many victims by hacking into the automated teller machines (ATMs). In 2011, Kavrakov got arrested and was jailed in Paraguay for hacking into the Bill Gates' account in The Philippines' densely-populated Quezon City and stealing thousands of dollars. Since then Kavrakov was on the hit list of many countries police. During the arrest, the police recovered seven cloned credit card
Smart ATM offers Cardless Cash Withdrawal to Avoid Card Skimmers

Smart ATM offers Cardless Cash Withdrawal to Avoid Card Skimmers

Mar 16, 2015
Banks have tried every effort, from providing Magnetic Stripes based Credit and Debit Cards to Chip-and-Pin Cards , in order to secure its users from credit card cloning and card Skimmers. It has been known from years that Magnetic stripe are incredibly hackable, but  Chip-n-Pin cards have also been hacked and successfully cloned by a group of security researchers. A unit of Canada's Bank of Montreal, BMO Harris Bank is  launching  the U.S.'s biggest cardless ATM network that allows its customers to withdraw cash within seconds, using nothing but their smartphones. NO CARD, NO PIN, JUST YOUR SMARTPHONE According to the bank, there is no need to enter PIN and instead of swiping the card, customers have to sign into mobile banking app " Mobile Cash ", hold their smartphones over the QR code on the ATM screen and the cash gets delivered. This cardless cash withdrawal technology will boost security, speed up transactions and reduce frauds because no card informat
Grocery Stores 'Supervalu' and 'Albertsons' Hacked for Credit Card Data

Grocery Stores 'Supervalu' and 'Albertsons' Hacked for Credit Card Data

Aug 18, 2014
Albertson's and SuperValu - Two nation's most popular supermarket store chains announced last weekend that a data breach may have revealed the credit and debit card information of their customers at a number of grocery store locations in more than 18 states. Minnesota-based Supervalu announced that an unknown number of its customers who used their payment cards in around 180 stores between June 22 and July 17 may have had payment card data compromised by attackers who gained access to the Supervalu computer network that processes card transactions. The affected information may includes names, payment card numbers, expiration dates, and other numerical information from cards used at POS devices. " The Company has not determined that any such cardholder data was in fact stolen by the intruder, and it has no evidence of any misuse of any such data, but is making this announcement out of an abundance of caution ," SuperValu said in a statement . The massive da
Cybersecurity Resources