The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: hacking credit cards

Capital One Data Breach Affects 106 Million Customers; Hacker Arrested

Capital One Data Breach Affects 106 Million Customers; Hacker Arrested

July 30, 2019Swati Khandelwal
Another week, another massive data breach. Capital One, the fifth-largest U.S. credit-card issuer and banking institution, has recently suffered a data breach exposing the personal information of more than 100 million credit card applicants in the United States and 6 million in Canada. The data breach that occurred on March 22nd and 23rd this year allowed attackers to steal information of customers who had applied for a credit card between 2005 and 2019, Capital One said in a statement. However, the security incident only came to light after July 19 when a hacker posted information about the theft on her GitHub account. The FBI Arrested the Alleged Hacker The FBI arrested Paige Thompson a.k.a erratic, 33, a former Amazon Web Services software engineer who worked for a Capital One contractor from 2015 to 2016, in relation to the breach, yesterday morning and seized electronic storage devices containing a copy of the stolen data. Thompson appeared in U.S. District Court o
In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code

In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code

April 03, 2019Swati Khandelwal
In a world that's growing increasingly digital, Magecart attacks have emerged as a key cybersecurity threat to e-commerce sites. Magecart, which is in the news a lot lately, is an umbrella term given to 12 different cyber criminal groups that are specialized in secretly implanting a special piece of code on compromised e-commerce sites with an intent to steal payment card details of their customers. The malicious code—well known as JS sniffers, JavaScript sniffers, or online credit card skimmers—has been designed to intercept users' input on compromised websites to steal customers’ bank card numbers, names, addresses, login details, and passwords in real time. Magecart made headlines last year after cybercriminals conducted several high-profile heists involving major companies including British Airways , Ticketmaster , and Newegg , with online bedding retailers MyPillow and Amerisleep being recent victims of these attacks. The initial success of these attacks alread
OnePlus confirms up to 40,000 customers affected by Credit Card Breach

OnePlus confirms up to 40,000 customers affected by Credit Card Breach

January 19, 2018Mohit Kumar
OnePlus has finally confirmed that its online payment system was breached, following several complaints of fraudulent credit card transactions from its customers who made purchases on the company's official website. In a statement released today, Chinese smartphone manufacturer admitted that credit card information belonging to up to 40,000 customers was stolen by an unknown hacker between mid-November 2017 and January 11, 2018. According to the company, the attacker targeted one of its systems and injected a malicious script into the payment page code in an effort to sniff out credit card information while it was being entered by the users on the site for making payments. The malicious script was able to capture full credit card information, including their card numbers, expiry dates, and security codes, directly from a customer’s browser window. " The malicious script operated intermittently, capturing and sending data directly from the user's browser. It ha
Forever 21 Warns Shoppers of Payment Card Breach at Some Stores

Forever 21 Warns Shoppers of Payment Card Breach at Some Stores

November 15, 2017Mohit Kumar
Another day, another data breach. This time a fast-fashion retailer has fallen victim to payment card breach. American clothes retailer Forever 21 announced on Tuesday that the company had suffered a security breach that allowed unknown hackers to gain unauthorized access to data from payment cards used at a number of its retail locations. The Los Angeles based company, which operates over 815 stores in 57 countries, didn't say which of its stores were affected, but it did note that customers who shopped between March and October this year may be affected. Forever 21 learned of the breach after the retailer received a report from a third-party monitoring service, suggesting there may have been "unauthorized access to data from payment cards that were used at certain FOREVER 21 stores." Besides this, the company also revealed that it implemented encryption and token-based authentication systems in 2015 that are intended to protect transaction data on its point-
US Court Sentences Russian Lawmaker's Son to 27 Years in Jail for Hacking

US Court Sentences Russian Lawmaker's Son to 27 Years in Jail for Hacking

April 22, 2017Swati Khandelwal
The son of a prominent Russian lawmaker was sentenced on Friday by a US federal court to 27 years in prison after being convicted of stealing millions of US credit card numbers and causing some $170 million in damages to businesses and individuals. This sentence is so far the longest sentence ever imposed in the United States for a hacking-related case. Roman Valeryevich Seleznev , 32, the son of a Russian Parliament member of the nationalist Liberal Democratic Party (LDPR), Valery Seleznev, was arrested in 2014 while attempting to board a flight in the Maldives and then extradited to the United States. Upon arrest, federal authorities retrieved a computer that contained over 1.7 million stolen credit card numbers. Seleznev, also went by the moniker 'Track2' online, was convicted in August 2016 of 38 charges related to stolen credit card details, which include: 10 counts of Wire Fraud 9 counts of possession of 15 or more unauthorized access devices 9 counts of o
Experts Reveal How Attackers Can Hack Your Credit Cards In Seconds

Experts Reveal How Attackers Can Hack Your Credit Cards In Seconds

December 06, 2016Swati Khandelwal
As India attempts an upgrade to a cashless society, cyber security experts have raised serious concerns and revealed how to find credit card information – including expiration dates and CVV numbers – in just 6 Seconds. And what's more interesting? The hack uses nothing more than guesswork by querying multiple e-commerce sites. In a new research paper entitled " Does The Online Card Payment Landscape Unwittingly Facilitate Fraud? " published in the academic journal IEEE Security & Privacy, researchers from the University of Newcastle explains how online payments remain a weak spot in the credit card security which makes it easy for fraudsters to retrieve sensitive card information. The technique, dubbed Distributed Guessing Attack , can circumvent all the security features put in place to protect online payments from fraud. The similar technique is believed to be responsible for the hack of thousands of Tesco customers in the U.K last month. The issue reli
Russian Lawmaker's Son Convicted of Stealing 2.9 Million Credit Card Numbers

Russian Lawmaker's Son Convicted of Stealing 2.9 Million Credit Card Numbers

August 29, 2016Wang Wei
The son of a prominent Russian lawmaker has been found guilty in the United States of running a hacking scheme that stole and sold 2.9 million US credit card numbers using Point-of-Sale (POS) malware, costing financial institutions more than $169 Million. Roman Seleznev , 32, the son of Russian Parliament member Valery Seleznev, was arrested in 2014 while attempting to board a flight in the Maldives, which sparked an international dispute between American and Russian authorities, who characterized the extradition as a " kidnapping ." Prosecutors introduced evidence from a corrupted laptop seized by the authorities at the time of his arrest.  "I don't know of any case that has allowed such outrageous behavior," said his lawyer, John Henry Browne. Also Read: How to Freeze Credit Report To Protect Yourself Against Identity Theft . According to the Department of Justice, Seleznev, who also went by the moniker ' Track2 ' online, was convicted in
Over 1000 Wendy's Restaurants Hit by Credit Card Hackers

Over 1000 Wendy's Restaurants Hit by Credit Card Hackers

July 08, 2016Mohit Kumar
The Popular fast-food restaurant chain Wendy's on Thursday admitted that a massive cyber attack had hit more than 1,000 of its restaurants across the country. The burger chain did not speculate how many people may have been affected, though it did confirm that the hackers were able to steal its customers' credit and debit card information. The data breach is more than three times bigger than initially thought. The original data breach was believed to have affected " fewer than 300 " of its 5,144 franchised locations in the United States when the malware was discovered in May. The Malware had been installed on Point-of-Sale (PoS) systems in the affected restaurants and was able to obtain cardholder's name, payment card number, expiration date, service code, cardholder verification value, among other data. The data breach began in fall 2015 and discovered in February this year, and the company went public with in May. Just last month, Wendy's s
Researcher spots an ATM Skimmer while on vacation in Vienna

Researcher spots an ATM Skimmer while on vacation in Vienna

June 26, 2016Mohit Kumar
We have heard a lot about ATM skimmers, but it's nearly impossible to spot one. Some skimmers are designed to look exactly like the card slot on the original machine and attached to the front, and others are completely hidden inside the ATM. But, during his vacation in Vienna, Austria, cyber security expert Benjamin Tedesco spotted an ATM skimmer that was totally unrecognizable. Tedesco was hanging out in Vienna and when about to draw some cash from a cash machine outside St. Stephen's Cathedral, he decided to do a quick visual inspection of the ATM machine and surprisingly spotted the dodgy device attached to it. Warning: Beware of Skimming Devices Installed on the ATM Vestibule Doors . That was a credit card skimmer – a perfect replica of the actual card reader that was designed to steal credit card information of users when they swipe their card to take off cash from the ATM. "Being security paranoid, I repeated my typical habit of checking the card read
Watch Video: How Hacker Installs a Credit Card Skimmer in 3 Seconds

Watch Video: How Hacker Installs a Credit Card Skimmer in 3 Seconds

March 15, 2016Swati Khandelwal
Card Skimmers have been around for years, but the video posted below is a perfect example of the evolution of the technology used by thieves. The video released by Miami Beach Police involved two men who work as a team to install a credit card Skimmer on top of a card terminal at a local gas station in LESS THAN 3 SECONDS . Yes, in just less than 3 seconds hackers can turn a regular credit and debit card reader into a Skimmer – a device designed to secretly steal a victim's credit or debit card information. The two men were caught on video by a security camera, but it all happened so fast that one might have to rewatch the video to actually catch the crime. Miami Beach Police have published the video of the cyber crook and his partner, who was tasked with distracting the station's clerk, in the hopes that someone recognizes the criminals and helps track them down. Video Demonstration: Here's What Happened: The incident took place on We
Hacker Finds How Easy Is to Steal Money Using Square Credit-Card Reader

Hacker Finds How Easy Is to Steal Money Using Square Credit-Card Reader

August 04, 2015Swati Khandelwal
Next time just be careful while swiping your credit card at small retailers or trendy stores that use Square Reader to accept credit card payments. The increasingly popular and widely used Square Reader can be easily turned into a skimming device that can be used to steal your credit card data, a group of researchers warned. Square Reader is a tiny device that allows small retailers to easily accept credit and debit card payments without having to spend the money on the traditional point of sale systems. However, despite its convenience, this cheap and easy-to-use alternative has a critical flaw that could allow anyone to easily steal your payment card information. All an attacker need is a screwdriver, superglue, and roughly 10 minutes to turn the latest generation Square Reader into a tiny, portable card skimmer . Converting a New Generation Square Reader into a Card Skimmer? A team of three security researchers from Boston University has discovered a w
Let's Take a Selfie to Shop Online With MasterCard

Let's Take a Selfie to Shop Online With MasterCard

July 03, 2015Wang Wei
Difficulty in remembering complicated Passwords? Forget Passwords and Fingerprints now – and get ready to authenticate your online purchases with your SELFIES . MasterCard is experimenting a new app that would let you make online purchases by taking a selfie rather than typing a password, moving a step forward in the mobile payments evolution. This experimental ID Check security system uses the front camera of your mobile phone and "facial recognition" technology to get your payment done with a quick shot of your face. And MasterCard thinks this generation people will love it. " The new generation, which is into selfies...I think they will find it cool, " MasterCard President of Enterprise Safety and Security Ajay Bhalla told CNNMoney. " They'll embrace it ." How this new feature works? MasterCard will provide you a new mobile app to download in order to use the feature. After you make an online payment, the new app will
Hackers Exploit Zero-Day Magento Vulnerability to Steal Your Credit Cards

Hackers Exploit Zero-Day Magento Vulnerability to Steal Your Credit Cards

June 29, 2015Swati Khandelwal
Hackers are increasingly exploiting an unknown flaw to siphon payment card information from e-commerce websites that use Magento , the most popular e-commerce platform owned by eBay. Security researchers at Sucuri are still investigating the attack vector, but they believe that cyber criminals are injecting malicious code into the Magento core file or some widely used module/extension in order to steal payment card data. Back in April, a critical Remote Code Execution Flaw in Magento allowed hackers to fully compromise any online store powered by Magento and thereby gain access to credit card data and other financial, and personal information related to the customers. Credit Card Stealers? Now, Sucuri senior malware researcher Peter Gramantik have found an attack script that pilfers the content of every POST request and identifies valuable payment card data before storing it in an encrypted form that only the attacker can decrypt. Moreover, to evade detection,
Why Protecting Your Magento Ecommerce Website Is So Damn Important

Why Protecting Your Magento Ecommerce Website Is So Damn Important

April 16, 2015Swati Khandelwal
The Market of E-commerce websites is at its peak, as today people love to shop online to save their time. However, E-commerce and financial sites stand first in the rundown of potential victims as they manage financial exchanges. The traditional way to target victims of e-commerce sites is to use targeted "phishing" attacks via social media and emails. But… …due to increased awareness among the people about the threat of phishing attacks, hackers have now discovered new way — by malvertising legitimate websites where people assume to be safe and secure. We know: Today, there are many ready-to-use e-commerce platforms available on the Internet that are very easy to install and manage and that too at no extra cost; ' Magento ' is one of the most popular out of them. The most popular, the most targeted: Yes! Security researchers at Sucuri have found a malicious code inside the Magento e-commerce website that was intended to send all the data
Hacker Who Stole Money From Bill Gates Arrested in Philippines

Hacker Who Stole Money From Bill Gates Arrested in Philippines

April 13, 2015Mohit Kumar
What if you get into the bank account of the World’s most richest person? Maybe it could be difficult for you as well as I. But not for this guy… ... Konstantin Simeonov Kavrakov , a Bulgarian hacker, who hacked into the ATM and stole thousands of dollars from the bank account of Microsoft mogul Bill Gates with fake ATM cards arrested in Philippines, according to the Philippine National Police. The 31-year-old man was arrested red-handed by the Philippine National Police while he was withdrawing cash from an ATM using fake cards. He had stolen tens of thousands of dollars from many victims by hacking into the automated teller machines (ATMs). In 2011, Kavrakov got arrested and was jailed in Paraguay for hacking into the Bill Gates' account in The Philippines' densely-populated Quezon City and stealing thousands of dollars. Since then Kavrakov was on the hit list of many countries police. During the arrest, the police recovered seven cloned credit card
Smart ATM offers Cardless Cash Withdrawal to Avoid Card Skimmers

Smart ATM offers Cardless Cash Withdrawal to Avoid Card Skimmers

March 16, 2015Swati Khandelwal
Banks have tried every effort, from providing Magnetic Stripes based Credit and Debit Cards to Chip-and-Pin Cards , in order to secure its users from credit card cloning and card Skimmers. It has been known from years that Magnetic stripe are incredibly hackable, but  Chip-n-Pin cards have also been hacked and successfully cloned by a group of security researchers. A unit of Canada’s Bank of Montreal, BMO Harris Bank is  launching  the U.S.’s biggest cardless ATM network that allows its customers to withdraw cash within seconds, using nothing but their smartphones. NO CARD, NO PIN, JUST YOUR SMARTPHONE According to the bank, there is no need to enter PIN and instead of swiping the card, customers have to sign into mobile banking app " Mobile Cash ", hold their smartphones over the QR code on the ATM screen and the cash gets delivered. This cardless cash withdrawal technology will boost security, speed up transactions and reduce frauds because no card informat
Grocery Stores 'Supervalu' and 'Albertsons' Hacked for Credit Card Data

Grocery Stores 'Supervalu' and 'Albertsons' Hacked for Credit Card Data

August 18, 2014Swati Khandelwal
Albertson’s and SuperValu - Two nation’s most popular supermarket store chains announced last weekend that a data breach may have revealed the credit and debit card information of their customers at a number of grocery store locations in more than 18 states. Minnesota-based Supervalu announced that an unknown number of its customers who used their payment cards in around 180 stores between June 22 and July 17 may have had payment card data compromised by attackers who gained access to the Supervalu computer network that processes card transactions. The affected information may includes names, payment card numbers, expiration dates, and other numerical information from cards used at POS devices. " The Company has not determined that any such cardholder data was in fact stolen by the intruder, and it has no evidence of any misuse of any such data, but is making this announcement out of an abundance of caution ," SuperValu said in a statement . The massive da
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.