U.S. Target Stores - 40 Million Credit Card Numbers Stolen

It has been confirmed on Target's website:

Target know how this happened, and their response is to monitor your bank statements for any unusual transactions, not to cancel your card and get a new one reissued, knowing full well the banks don't like issuing new cards because it costs them more money than the actual fraud.

If you have used any card during this time at Target, please cancel the card and have your bank issue a new one. The information that has been stolen would have already been sold to criminals. I repeat: do not take any chances. Have any cards that were used in Target at that time cancelled and reissued by your bank. They won't like it, but you will have peace of mind knowing you're fully safe, until next time.

The simple chip and PIN setup is all they need to solve this, and/or send a text message to your mobile with a yes or no option when the transaction is being done.

Merry Xmas Banks!
 
This is not the first time something like this has happened this year.

Dexter payment card malware strikes South Africa
Dexter malware returns with a vengeance
Huge cyber bank theft spans 27 countries
Cyber crime has hit an all-time high this year. HUGE amounts of money stolen. They really need to increase security in the US; the tech they are using is 30 years old.


I received a letter and a year of identity protection service from D&B about two months ago. I'm not sure I recall seeing anything about that breach in the news. Not surprised at all about the Target news.
 
This has been happening for years and will continue, unfortunately. We do not know the details of the Target breach and may never know.

I was involved in an upgrade project at US-based Harbor Freight Tools in my area. They were switching from a *nix infrastructure to M$. What I find interesting is that they had a breach a few months after it was finished.

http://www.bankinfosecurity.com/impact-harbor-freight-attack-grows-a-5970/op-1
 
It is now verified they got the PIN as well. The spyware would have to be in the card terminal and keys logged on the pin pad, because they use the Triple DES algorithm that is sent to the card processing facility; only they have the key to decrypt it.
 

The pilfered PINs were encrypted. From the article link you posted.

Target claims that the PINs remained encrypted after they were stolen.

Putting a keylogger/malware on a pin pad would be incredibly difficult. They would have to have penetrated the entire chain, down to the POS terminals to access the pin pads at all of the stores.

All of the pin pad hacks I have read about had the black hats modifying a pin pad on hand and then swapping it out at the store. A recent article about that.

http://storefrontbacktalk.com/secur...ng-card-data-theft-is-now-all-about-pin-pads/
 

What if the malware was injected by someone working in the factory where they were made, prob China?
There are instances where mp3 players made in China were loaded with spyware in the factory to steal online game passwords as soon as you plugged them into a PC.
http://storefrontbacktalk.com/securityfraud/thousands-of-cards-compromised-at-retailers%E2%80%99-pos/
What if the malware has the capability of reading the pin pad memory before the PIN gets encrypted?
 
> The pilfered PINs were encrypted. From the article link you posted.
>
> Putting a keylogger/malware on a pin pad would be incredibly difficult. They would have to have penetrated the entire chain, down to the POS terminals to access the pin pads at all of the stores.
>
> All of the pin pad hacks I have read about had the black hats modifying a pin pad on hand and then swapping it out at the store. A recent article about that.
>
> http://storefrontbacktalk.com/secur...ng-card-data-theft-is-now-all-about-pin-pads/

Yeah but didn't Barnes and Noble have exactly that happen just this year?
 
> What if the malware was injected by someone working in the factory where they were made, prob China?
> There are instances where mp3 players made in China were loaded with spyware in the factory to steal online game passwords as soon as you plugged them into a PC.
> http://storefrontbacktalk.com/securityfraud/thousands-of-cards-compromised-at-retailers%E2%80%99-pos/
> What if the malware has the capability of reading the pin pad memory before the PIN gets encrypted?

Again, highly doubtful. This is a case of millions of cards and they would have had to have had them in every single store.

But Chinese back doors have been around and are rarely publicized. I remember back in the early 2000s I had bought a couple of CompUSA NAS single drive enclosures (I worked there). Set them up and all is good. Then one day I came home and saw the activity light was going nuts on one enclosure. A quick Ethereal scan and look at the NAS told me that someone from China had gotten access and was using a device account that did not exist. The only way it could have happened is if they had programmed it to call home. Of course I was not happy about this and made a few phone calls. No one cared.
 
> Yeah but didn't Barnes and Noble have exactly that happen just this year?

Yep, I think B&N was a recent one with swapped pin pads and there have been others. But I think the landmark event was Wally World back around '06 or '07. They got hit and were sued big time. So there was this massive crash program to swap out all of their pin pads with ones that did encryption.

But it's scary that they can get into a pin pad to install a keylogger or disable encryption. I would think the pin pad companies would have used hardware encryption so that it could not be defeated.
 
USA Today reporting that Target's data breach was bigger than originally thought.

http://www.usatoday.com/story/money/business/2014/01/10/target-customers-data-breach/4404467/

Over 70 Million Customers exposed. :eek:

Wow, that will be some fine if they get fined by PCI.
Just in: the breach is now believed to be 3x worse than they thought, 120 million!
The fine could be as much as $10800000000.
According to new info, the malware was using a RAM scraper that parses RAM before data gets encrypted:

Exclusive: More well-known U.S. retailers victims of cyber attacks - sources
 
Hate Target with a passion...so much cheap Chinese made stuff there, clothes that barely last a year.

Sadly though I went there either 2 or 3 years ago to pick up some box DVD set for my wife. The credit card I most likely used, I closed about a year ago when switching banks. :)

However...this Target thing, and the Marcus stores...it's just the tip of the iceberg folks....we're gonna see this stuff skyrocket so crazy over the next year or two..... mark my words.
 