Sign up for The Paypers newsletter Follow The Paypers on LinkedIn Follow The Paypers on Twitter Follow The Paypers on Facebook
The Paypers, paypers, Insight in payments, News, Reports, Events
 advertisement
Digital Identity, Security & Online Fraud

Over 5 million stolen card data put on sale on Darknet

Friday 23 August 2019 | 12:03 PM CET

More than 5.3 million new accounts belonging to cardholders from 35 US states have been put on sale on a popular underground store that sells card data stolen from hacked merchants.

Security researcher Brain Krebs has found that credit and debit card data came from compromised gas pumps, coffee shops and restaurants operated by Hy-Vee, a chain of more than 245 supermarkets located throughout the Midwestern US.

Hy-Vee announced on August 14, 2019 it was investigating a data breach involving payment processing systems that handle transactions at some Hy-Vee fuel pumps, drive-thru coffee shops and restaurants. However, the supermarket chain said it was too early to tell when the breach initially began or for how long intruders were inside their payment systems.

Hy-Vee said it believes the breach does not affect payment card terminals used at its grocery store checkout lanes, pharmacies or convenience stores, as these systems rely on a security technology designed to defeat card-skimming malware, KrebsOnSecurity mentioned.

The card data stolen from Hy-Vee is now being sold under the code name ‘Solar Energy’, at Joker’s Stash carding bazaar, with prices ranging from USD 17 to USD 35 apiece, the security researcher has found.

More: Link
 advertisement
 advertisement
 advertisement
 advertisement