EurekAlert: No honor among cyber thieves

EurekAlert: No honor among cyber thieves. “A backstabbing crime boss and thousands of people looking for free tutorials on hacking and identity theft were two of the more interesting findings of a study examining user activity on two online ‘carding forums,’ illegal sites that specialize in stolen credit card information.”

Wired: A New Card Ties Your Credit to Your Social Media Stats

Wired: A New Card Ties Your Credit to Your Social Media Stats. “SPENCER DONNELLY, WHO goes by TheRussianBadger on YouTube, has cultivated an audience of nearly 2.7 million subscribers for his gaming videos. For years, business has been rosy. YouTube shares a percentage of the ad revenue on each of his videos, and the money is good enough that playing video games on camera has become a full-time job. A few years ago, he even incorporated The Russian Badger, legitimizing his YouTubing business. The only problem: no bank would give him a serious credit card.”

Motherboard: Leaked Document Shows How Big Companies Buy Credit Card Data on Millions of Americans

Motherboard: Leaked Document Shows How Big Companies Buy Credit Card Data on Millions of Americans. “Yodlee, the largest financial data broker in the U.S., sells data pulled from the bank and credit card transactions of tens of millions of Americans to investment and research firms, detailing where and when people shopped and how much they spent. The company claims that the data is anonymous, but a confidential Yodlee document obtained by Motherboard indicates individual users could be unmasked.”

Wawa data breach: Hacker is selling 30 million credit cards on the dark web (Digital Trends)

Digital Trends: Wawa data breach: Hacker is selling 30 million credit cards on the dark web. “Credit card data from a security breach that affected an East Coast convenience store chain last year was discovered being sold in the corners of the dark web this week. The amount of data stolen makes it the third-largest credit card breach in history.”

ZDNet: VISA warns of POS malware incidents at gas pumps across North America

ZDNet: VISA warns of POS malware incidents at gas pumps across North America. “Payments processor VISA says North American merchants who operate gas stations and gas pumps are facing a rash of attacks from cybercrime groups wanting to deploy point-of-sale (POS) malware on their networks.”

WPVI: Wawa announces massive data breach, ‘potentially all’ locations affected, CEO says

WPVI with a side of yikes: Wawa announces massive data breach, ‘potentially all’ locations affected, CEO says. “This malware affected customer payment card information used at potentially all Wawa locations beginning at different points in time after March 4, 2019 and until it was contained last week. This malware affected payment card information, including credit and debit card numbers, expiration dates, and cardholder names on payment cards used at potentially all Wawa in-store payment terminals and fuel dispensers.”

MarketWatch: New CFPB database of expensive prepaid cards is missing key information, advocates say

MarketWatch: New CFPB database of expensive prepaid cards is missing key information, advocates say. “The Consumer Financial Protection Bureau has launched a new database revealing the terms and conditions on prepaid cards and payroll cards that can sometimes hit users with high fees. But people wouldn’t know that from the federal watchdog agency, consumer advocates say.”

Krebs on Security: “BriansClub” Hack Rescues 26M Stolen Cards

Krebs on Security: “BriansClub” Hack Rescues 26M Stolen Cards. “‘BriansClub,’ one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.”

Washington Post: Capital One says data breach affected 100 million credit card applications

Washington Post: Capital One says data breach affected 100 million credit card applications. “Capital One, the Virginia-based bank with a popular credit card business, announced Monday that a hacker had accessed about 100 million credit card applications, and investigators say thousands of Social Security and bank account numbers were also taken.”

CNET: Hackers steal credit card information from Checkers fast-food chain

CNET: Hackers steal credit card information from Checkers fast-food chain. “Hackers infected checkout stations at more than 100 of the fast-food restaurant’s locations with malicious software that stole payment card information, the company said Wednesday. So when the cashier swiped your card to pay for boneless chicken wings or a triple crispy fish sandwich, the fryer got to work on your lunch and the hackers got their hands on your credit card number. The stolen information also included cardholder names, card expiration dates and card verification codes, the company said.”

Engadget: AMC accidentally exposed data on 1.6 million subscribers

Engadget: AMC accidentally exposed data on 1.6 million subscribers. “A security researcher discovered that AMC Networks had inadvertently exposed more than 1.6 million records of subscribers to the company’s two premium streaming video platforms, Sundance Now and Shudder. The publicly accessible database included the names and email addresses of subscribers as well as details about their subscription plans. It included more than 3,000 invoices processed by Stripe that listed the last four digits of a user’s credit card.”

Krebs on Security: A Month After 2 Million Customer Cards Sold Online, Buca di Beppo Parent Admits Breach

Krebs on Security: A Month After 2 Million Customer Cards Sold Online, Buca di Beppo Parent Admits Breach. “On Feb. 21, 2019, KrebsOnSecurity contacted Italian restaurant chain Buca di Beppo after discovering strong evidence that two million credit and debit card numbers belonging to the company’s customers were being sold in the cybercrime underground. Today, Buca’s parent firm announced it had remediated a 10-month breach of its payment systems at dozens of restaurants, including some locations of its other brands such as Earl of Sandwich and Planet Hollywood.”

ZDNet: Google Chrome extension that steals card numbers still available on Web Store

ZDNet: Google Chrome extension that steals card numbers still available on Web Store. “A malicious Google Chrome extension that can recognize and steal payment card details entered in web forms is still available on the Chrome Web Store. The extension is the work of a cyber-criminal group and has been at the heart of a malware distribution effort in the past.”