Tuesday, November 5, 2013

Epic hack on a Limo Service broker(?)

http://krebsonsecurity.com/2013/11/hackers-take-limo-service-firm-for-a-ride/

(I think they're a broker for other local services.)

This is an epic hack, really. A treasure trove of information, from the who's who on the national and international stage. Key facets of the hack:

  1. 241,000 high- or no-limit American Express cards with expiration dates. High value in the underground card number sales markets.
  2. Travel schedules for national/international figures. Very interesting for some.
  3. Sometimes, companion information for national/international figures. Interesting or very interesting for some as well.
  4. Personal details about national/international figures, like Donald Trump wanting/needing a clear front seat (for a bodyguard or what?), or an alias people use when getting picked up.

The credit card numbers are a very impressive haul. Not so great for this company's PCI compliance, or American Express. Wonder if the business will stay afloat. This is a small organization, I'm assuming. One that has entered into the world of online payment processing and application development (with ColdFusion). In this case, making money took precedence over security of the platform, or the data... and they are paying for that decision.