The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: credit card

Wawa Breach: Hackers Put 30 Million Stolen Payment Card Details for Sale

Wawa Breach: Hackers Put 30 Million Stolen Payment Card Details for Sale

January 30, 2020Wang Wei
Remember the recent payment card breach at Wawa convenience stores ? If you're among those millions of customers who shopped at any of 850 Wawa stores last year but haven't yet hotlisted your cards, it's high time to take immediate action. That's because hackers have finally put up payment card details of more than 30 million Wawa breach victims on sale at Joker's Stash, one of the largest dark web marketplaces where cybercriminals buy and sell stolen payment card data. As The Hacker News reported last month, on 10th December Wawa learned that its point-of-sale servers had malware installed since March 2019, which stole payment details of its customers from potentially all Wawa locations. At that time, the company said it's not aware of how many customers may have been affected in the nine-month-long breach or of any unauthorized use of payment card information as a result of the incident. Now it turns out that the Wawa breach marked itself in the
Landry's Restaurant Chain Suffers Payment Card Theft Via PoS Malware

Landry's Restaurant Chain Suffers Payment Card Theft Via PoS Malware

January 02, 2020Mohit Kumar
Landry's, a popular restaurant chain in the United States, has announced a malware attack on its point of sale (POS) systems that allowed cybercriminals to steal customers' payment card information. Landry's owns and operates more than 600 bars, restaurants, hotels, casinos, food and beverage outlets with over 60 different brands such as Landry's Seafood, Chart House, Saltgrass Steak House, Claim Jumper, Morton's The Steakhouse, Mastro's Restaurants, and Rainforest Cafe. According to the  breach notification published this week, the malware was designed to search for and likely steal sensitive customer credit card data, including credit card numbers, expiration dates, verification codes and, in some cases, cardholder names. The PoS malware infected point-of-sale terminals at all Landry's owned locations, but, fortunately, due to end-to-end encryption technology used by the company, attackers failed to steal payment card data from cards swiped at its
Hackers Stole Customers' Payment Card Details From Over 700 Wawa Stores

Hackers Stole Customers' Payment Card Details From Over 700 Wawa Stores

December 20, 2019Swati Khandelwal
Have you stopped at any Wawa convenience store and used your payment card to buy gas or snacks in the last nine months? If yes, your credit and debit card details may have been stolen by cybercriminals. Wawa, the Philadelphia-based gas and convenience store chain, disclosed a data breach incident that may have exposed payment card information of thousands of customers who used their cards at about any of its 850 stores since March 2019. What happened? According to a press release published on the company's website, on 4th March, attackers managed to install malware on its point-of-sale servers used to process customers' payments. By the time it was discovered by the Wawa information security team on 10th December, the malware had already infected in-store payment processing systems at "potentially all Wawa locations." That means attackers were potentially stealing Wawa customers' payment card information until the malware was entirely removed by its
Capital One Data Breach Affects 106 Million Customers; Hacker Arrested

Capital One Data Breach Affects 106 Million Customers; Hacker Arrested

July 29, 2019Swati Khandelwal
Another week, another massive data breach. Capital One, the fifth-largest U.S. credit-card issuer and banking institution, has recently suffered a data breach exposing the personal information of more than 100 million credit card applicants in the United States and 6 million in Canada. The data breach that occurred on March 22nd and 23rd this year allowed attackers to steal information of customers who had applied for a credit card between 2005 and 2019, Capital One said in a statement. However, the security incident only came to light after July 19 when a hacker posted information about the theft on her GitHub account. The FBI Arrested the Alleged Hacker The FBI arrested Paige Thompson a.k.a erratic, 33, a former Amazon Web Services software engineer who worked for a Capital One contractor from 2015 to 2016, in relation to the breach, yesterday morning and seized electronic storage devices containing a copy of the stolen data. Thompson appeared in U.S. District Court o
Ongoing Attack Stealing Credit Cards From Over A Hundred Shopping Sites

Ongoing Attack Stealing Credit Cards From Over A Hundred Shopping Sites

May 08, 2019Swati Khandelwal
Researchers from Chinese cybersecurity firm Qihoo 360's NetLab have revealed details of an ongoing credit card hacking campaign that is currently stealing payment card information of customers visiting more than 105 e-commerce websites. While monitoring a malicious domain, www.magento-analytics[.]com , for over last seven months, researchers found that the attackers have been injecting malicious JS scripts hosted on this domain into hundreds of online shopping websites. The JavaScript scripts in question include the digital credit card skimming code that when execute on a site, automatically steal payment card information, such as credit card owner name, credit card number, expiration time, CVV information, entered by its customers. In an email Interview, NetLab researcher told The Hacker News that they don't have enough data to determine how hackers infected affected websites on the first place or what vulnerabilities they exploited, but did confirm that all affected
Hackers infect e-commerce sites by compromising their advertising partner

Hackers infect e-commerce sites by compromising their advertising partner

January 16, 2019Mohit Kumar
Magecart strikes again, one of the most notorious hacking groups specializes in stealing credit card details from poorly-secured e-commerce websites. According to security researchers from RiskIQ and Trend Micro, cybercriminals of a new subgroup of Magecart, labeled as "Magecart Group 12," recently successfully compromised nearly 277 e-commerce websites by using supply-chain attacks. Magecart is the same group of digital credit card skimmers which made headlines last year for carrying out attacks against some big businesses including Ticketmaster , British Airways , and Newegg . Typically, the Magecart hackers compromise e-commerce sites and insert malicious JavaScript code into their checkout pages that silently captures payment information of customers making purchasing on the sites and then send it to the attacker's remote server. However, the researchers from the two firms today revealed that instead of directly compromising targeted websites, the Magecart G
UK Regulator Fines Equifax £500,000 Over 2017 Data Breach

UK Regulator Fines Equifax £500,000 Over 2017 Data Breach

September 20, 2018Swati Khandelwal
Atlanta-based consumer credit reporting agency Equifax has been issued a £500,000 fine by the UK's privacy watchdog for its last year's massive data breach that exposed personal and financial data of hundreds of millions of its customers. Yes, £500,000—that's the maximum fine allowed by the UK's Data Protection Act 1998, though the penalty is apparently a small figure for a $16 billion company. In July this year, the UK's data protection watchdog issued the maximum allowed fine of £500,000 on Facebook over the Cambridge Analytica scandal , saying the social media giant Facebook failed to prevent its citizens' data from falling into the wrong hands. Flashback: The Equifax Data Breach 2017 Equifax suffered a massive data breach last year between mid-May and the end of July, exposing highly sensitive data of as many as 145 million people globally. The stolen information included victims' names, dates of birth, phone numbers, driver's licens
Google Secretly Tracks What You Buy Offline Using Mastercard Data

Google Secretly Tracks What You Buy Offline Using Mastercard Data

September 03, 2018Wang Wei
Over a week after Google admitted the company tracks users' location even after they disable location history, it has now been revealed that the tech giant has signed a secret deal with Mastercard that allows it to track what users buy offline. Google has paid Mastercard millions of dollars in exchange to access this information. Neither Google nor Mastercard has publicly announced the business partnership over allowing Google to measure retail spending, though the deal has now been disclosed by Bloomberg. According to four unidentified people with knowledge of the deal cited by the news outlet, Google and Mastercard reached the agreement after a four-year negotiation, wherein all Mastercard transaction data in the U.S. has been encrypted and transmitted to Google. Google packaged the data into a new tool for advertisers, called Store Sales Measurement, and currently being tested the tool with a small group of advertisers, allowing them to track whether online advertise
Magento Hackers Using Simple Evasion Trick to Reinfect Sites With Malware

Magento Hackers Using Simple Evasion Trick to Reinfect Sites With Malware

June 20, 2018Swati Khandelwal
Security researchers have been warning of a new trick that cybercriminals are leveraging to hide their malicious code designed to re-introduce the infection to steal confidential information from Magento based online e-commerce websites. So, if you have already cleaned up your hacked Magento website, there are chances your website is still leaking login credentials and credit card details of your customers to hackers. More than 250,000 online stores use open-source Magento e-commerce platform, which makes them an enticing target for hackers, and therefore the security of both your data and your customer data is of the utmost importance. According to the researchers at Sucuri , who have previously spotted several Magento malware campaigns in the wild, cybercriminals are currently using a simple yet effective method to ensure that their malicious code is added back to a hacked website after it has been removed. To achieve this, criminals are hiding their 'credit card stea
Nissan Finance Canada Suffers Data Breach — Notifies 1.13 Million Customers

Nissan Finance Canada Suffers Data Breach — Notifies 1.13 Million Customers

December 21, 2017Mohit Kumar
It's the last month of this year, but possibly not the last data breach report. Nissan warns of a possible data breach of personal information on its customers who financed their vehicles through Nissan Canada Finance and INFINITI Financial Services Canada. Although the company says it does not know precisely how many customers were affected by the data breach, Nissan is contacting all of its roughly 1.13 million current and previous customers. In a statement released Thursday, Nissan Canada said the company became aware of an " unauthorized access to personal information " of some customers on December 11. " Nissan Canada Finance recently became aware it was the victim of a data breach that may have involved an unauthorized person(s) gaining access to the personal information of some customers that have financed their vehicles through Nissan Canada Finance and INFINITI Financial Services Canada, " the company said . It's believed that the unkno
Forever 21 Warns Shoppers of Payment Card Breach at Some Stores

Forever 21 Warns Shoppers of Payment Card Breach at Some Stores

November 15, 2017Mohit Kumar
Another day, another data breach. This time a fast-fashion retailer has fallen victim to payment card breach. American clothes retailer Forever 21 announced on Tuesday that the company had suffered a security breach that allowed unknown hackers to gain unauthorized access to data from payment cards used at a number of its retail locations. The Los Angeles based company, which operates over 815 stores in 57 countries, didn't say which of its stores were affected, but it did note that customers who shopped between March and October this year may be affected. Forever 21 learned of the breach after the retailer received a report from a third-party monitoring service, suggesting there may have been "unauthorized access to data from payment cards that were used at certain FOREVER 21 stores." Besides this, the company also revealed that it implemented encryption and token-based authentication systems in 2015 that are intended to protect transaction data on its point-
Equifax Hack Exposes Personal Info of 143 Million US Consumers

Equifax Hack Exposes Personal Info of 143 Million US Consumers

September 07, 2017Unknown
It's ironic—the company that offers credit monitoring and ID theft protection solutions has itself been compromised, exposing personal information of as many as 143 million Americans—that's almost half the country. Equifax, one of the three largest credit reporting firm in the United States, admitted today that it had suffered a massive data breach somewhere between mid-May and July this year, which it actually discovered on July 29—that means the data of 143 million people were exposed for over 3 months. However, it's unknown why Equifax waited 6 weeks before informing their millions of affected customers about the massive security breach. Based on Equifax's investigation, unknown hackers exploited a security vulnerability on its website to gain unauthorized access to certain files. Stolen data includes consumers' names, Social Security numbers, and birth dates for 143 million Americans, and in some instances, driving licence numbers and credit card n
US Court Sentences Russian Lawmaker's Son to 27 Years in Jail for Hacking

US Court Sentences Russian Lawmaker's Son to 27 Years in Jail for Hacking

April 22, 2017Swati Khandelwal
The son of a prominent Russian lawmaker was sentenced on Friday by a US federal court to 27 years in prison after being convicted of stealing millions of US credit card numbers and causing some $170 million in damages to businesses and individuals. This sentence is so far the longest sentence ever imposed in the United States for a hacking-related case. Roman Valeryevich Seleznev , 32, the son of a Russian Parliament member of the nationalist Liberal Democratic Party (LDPR), Valery Seleznev, was arrested in 2014 while attempting to board a flight in the Maldives and then extradited to the United States. Upon arrest, federal authorities retrieved a computer that contained over 1.7 million stolen credit card numbers. Seleznev, also went by the moniker 'Track2' online, was convicted in August 2016 of 38 charges related to stolen credit card details, which include: 10 counts of Wire Fraud 9 counts of possession of 15 or more unauthorized access devices 9 counts of o
MasterCard launches Credit Card with Built-In Fingerprint Scanner

MasterCard launches Credit Card with Built-In Fingerprint Scanner

April 21, 2017Mohit Kumar
MasterCard has unveiled its brand new payment card that has a built-in biometric fingerprint scanner, allowing customers to authorize payments with their fingerprint, without requiring a PIN code or a signature. The company is already testing the new biometric payment cards, combined with the on-board chips, in South Africa and says it hopes to roll out the new cards to the rest of the world by the end of 2017. Don't Worry, It Still Supports PIN-based Transactions as Fallback Wait — If you think that this feature would not allow you to share your card with your child and spouse, don't worry — Mastercard has a solution for this issue as well. The company has confirmed that even if the card is configured to expect the fingerprint for authenticating a purchase, but it does still have a PIN as a fallback, in case, for some reason EMV readers fail to read fingerprint or you have yourself handed it to your child for shopping. Stores & Retailers Don't Need New Hardw
324,000 Financial Records with CVV Numbers Stolen From A Payment Gateway

324,000 Financial Records with CVV Numbers Stolen From A Payment Gateway

September 13, 2016Swati Khandelwal
Around 324,000 users have likely had their payment records stolen either from payment processor BlueSnap or its customer Regpack ; however, neither of the company has admitted a data breach. BlueSnap is a payment provider which allows websites to take payments from customers by offering merchant facilities, whereas RegPack is a global online enrollment platform that uses BlueSnap to process the financial transactions for its online enrollments. The data breach was initially reported on July 10, when a hacker published a link on Twitter, pointing to a file containing roughly 324,000 records allegedly stolen from Waltham, Massachusetts-based BlueSnap. The tweet has since been deleted, but Australian security expert Troy Hunt took a copy of it for later review to analyze the data and after analyzing, he discovered that the leaked payment records are most likely legitimate. Payment Card Data Including CVV Codes Leaked The data contains users' details registred between 10
Russian Lawmaker's Son Convicted of Stealing 2.9 Million Credit Card Numbers

Russian Lawmaker's Son Convicted of Stealing 2.9 Million Credit Card Numbers

August 29, 2016Wang Wei
The son of a prominent Russian lawmaker has been found guilty in the United States of running a hacking scheme that stole and sold 2.9 million US credit card numbers using Point-of-Sale (POS) malware, costing financial institutions more than $169 Million. Roman Seleznev , 32, the son of Russian Parliament member Valery Seleznev, was arrested in 2014 while attempting to board a flight in the Maldives, which sparked an international dispute between American and Russian authorities, who characterized the extradition as a " kidnapping ." Prosecutors introduced evidence from a corrupted laptop seized by the authorities at the time of his arrest.  "I don't know of any case that has allowed such outrageous behavior," said his lawyer, John Henry Browne. Also Read: How to Freeze Credit Report To Protect Yourself Against Identity Theft . According to the Department of Justice, Seleznev, who also went by the moniker ' Track2 ' online, was convicted in
Researcher spots an ATM Skimmer while on vacation in Vienna

Researcher spots an ATM Skimmer while on vacation in Vienna

June 26, 2016Mohit Kumar
We have heard a lot about ATM skimmers, but it's nearly impossible to spot one. Some skimmers are designed to look exactly like the card slot on the original machine and attached to the front, and others are completely hidden inside the ATM. But, during his vacation in Vienna, Austria, cyber security expert Benjamin Tedesco spotted an ATM skimmer that was totally unrecognizable. Tedesco was hanging out in Vienna and when about to draw some cash from a cash machine outside St. Stephen's Cathedral, he decided to do a quick visual inspection of the ATM machine and surprisingly spotted the dodgy device attached to it. Warning: Beware of Skimming Devices Installed on the ATM Vestibule Doors . That was a credit card skimmer – a perfect replica of the actual card reader that was designed to steal credit card information of users when they swipe their card to take off cash from the ATM. "Being security paranoid, I repeated my typical habit of checking the card read
Let's Take a Selfie to Shop Online With MasterCard

Let's Take a Selfie to Shop Online With MasterCard

July 02, 2015Wang Wei
Difficulty in remembering complicated Passwords? Forget Passwords and Fingerprints now – and get ready to authenticate your online purchases with your SELFIES . MasterCard is experimenting a new app that would let you make online purchases by taking a selfie rather than typing a password, moving a step forward in the mobile payments evolution. This experimental ID Check security system uses the front camera of your mobile phone and "facial recognition" technology to get your payment done with a quick shot of your face. And MasterCard thinks this generation people will love it. " The new generation, which is into selfies...I think they will find it cool, " MasterCard President of Enterprise Safety and Security Ajay Bhalla told CNNMoney. " They'll embrace it ." How this new feature works? MasterCard will provide you a new mobile app to download in order to use the feature. After you make an online payment, the new app will
LoopHole in PayPal Terms Allows Anyone to Double PayPal Money Endlessly

LoopHole in PayPal Terms Allows Anyone to Double PayPal Money Endlessly

June 12, 2014Swati Khandelwal
Many of us own a PayPal account for easy online transactions, but most of us don't have balance in our PayPal Account. But what will happen if your money doubles, triple...or even more folds in just some couple of hours ?? Sounds cherishing!! A loophole in the popular digital payment and money transfer service, PayPal allows its users to double the money in their account and that too endlessly. That means with only $50 in your PayPal account, you can make it to $100, then $100 to directly $200 and so on. An eBay owned company, PayPal provides a faster and safer way to pay and get paid. The service gives people simpler ways to send money without sharing financial information, with over 148 million active accounts in 26 currencies and across 193 markets, thereby processing more than 9 million payments daily. According to TinKode a.k.a Razvan Cernaianu , who claimed to have found this loophole in the PayPal service that actually resides in its Chargeback Process  which
Target finally Plans to issue Chip and PIN Credit Cards

Target finally Plans to issue Chip and PIN Credit Cards

April 30, 2014Swati Khandelwal
The massive data breaches in U.S largest retailers ' Target ', marked the largest card heists in the U.S. history in which financial credentials of more than 110 million customers were compromised, have forced the retailer to take step towards more secure transactions. The retailer company on Tuesday said it is implementing chip-and-PIN payment card systems for its stores and will be soon working with the MasterCard to replace all of its REDcard customer cards to chip-and-PIN secured cards. The transition to chip-and-Pin-enabled REDcards is set to begin in early 2015. " The new payment terminals will be in all 1,797 U.S. stores by this September, six months ahead of schedule. In addition, by early next year, Target will enable all REDcards with chip-and-PIN technology and begin accepting payments from all chip-enabled cards in its stores, " the company said. The chip-and-PIN system, also known as the EMV standard. Instead of using a magnetic stripe to store fina
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.