Hackers set new high score for credit card theft at 130M

The former record theft of 45 million credit card numbers has been topped. Three hackers face charges for stealing over 130 million credit and debit card numbers via malware and an SQL injection attack on corporate servers. The head honcho now faces 20 years in prison.

A Florida man may have busted the world record for consumer data theft after allegedly stealing 130 million credit and debit card numbers. The US Department of Justice announced Monday afternoon that 28-year-old Albert Gonzales and two co-conspirators had been indicted for conspiracy. If true, Gonzales and gang may have beaten the credit card theft high score of 45 million accounts nearly three times over.

Gonzales, going by the online name of "segvec," and his two buddies (soupnazi and j4guar17, in case you were wondering) allegedly began researching the credit card systems used by various companies in October of 2006 and devised the attack to steal the data in question. The team chose an SQL injection exploit to get around corporate firewalls to steal credit and debit information. Their success had led to charges of conspiracy to hack into certain retail and financial organizations, as well as conspiracy to commit wire fraud.

It appears that, in many cases, they succeeded—according to the DoJ, the team successfully jacked 130 million card numbers and transmitted them to servers in California, Illinois, Latvia, the Netherlands, and Ukraine. Some of the companies affected by the attack include convenience store chain 7-Eleven, Heartland Payment Systems (a credit card processor), and Hannaford Brothers Co. (a supermarket chain).

The DoJ describes the incident as "the largest alleged credit and debit card data breach ever charged in the United States." Indeed, before today, the former high score was represented by the scarlet letter on TJX's forehead, parent company of retailer T.J. Maxx. That data breach involved "at least" 45.7 million credit and debit card numbers that occurred between mid-2005 and early 2007, as well as various points in 2003 and 2004. The theft of such a massive amount of data occurred, unsurprisingly, due to glaring security holes in the computer systems that process and store payment information.

Gonzales' success came for similarly stupid reasons. Heartland Payment Systems, one of the companies victimized, revealed earlier this year that it may have leaked up to 100 million credit and debit accounts onto the black market due to malware in its system. It turns out that one of the systems in the payment processing chain had been infected with an unidentified bit of malware designed to track and report the magnetic information stored on the back of a credit card as that data was sent through the system. Though Heartland said that no personally identifiable information was transmitted, that magnetic data could easily be transferred to a new physical card.

Gonzales is facing up to 20 years in prison, and isn't likely to win over any sympathy points on this one, either. As it turns out, he is already in federal custody thanks to a previous incident wherein he supposedly hacked the network for a major restaurant chain in May of 2008. Additionally, in August of 2008, Gonzales was indicted for a series of other retail hacks that affected eight major retailers and the theft of 40 million more credit card numbers. "The charges announced today relate to a different pattern of hacking activity that targeted different corporate victims and involved different co-conspirators," explained the DoJ. Given Gonzales' history, it seems that 130 million credit and debit cards may just be the tip of the iceberg.

Source: ars technica

Tags: hackers

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

Pokemon GO had the potential to net $1 billion a year
The report said that Hon Hai has invested about US$600 million in India
Market research firm IDC reports that in the third quarter of this year
Customers will only have to shell out 50% of the cost of their Galaxy S7 device
New flagship will launch in 2017
Patent hints at name of the upcoming Surface AIO
IBM, Globalfoundries and Samsung have chosen to use extreme ultraviolet (EUV) light to pattern transistors
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
HP Slate 7 is a 7-inch Android 4 Tablet PC with good sound
A cost-effective, 7-inch tablet PC from a renowned manufacturer
October 25, 2013 / 4

News Archive



Do you use microSD card with your phone?
or leave your own version in comments