A Network of Knockoff Apparel Stores Exposed 330,000 Customer Credit Cards
Thursday January 26, 2023. 12:30 PM , from Slashdot
An anonymous reader quotes a report from TechCrunch: If you recently made a purchase from an overseas online store selling knockoff clothes and goods, there's a chance your credit card number and personal information were exposed. Since January 6, a database containing hundreds of thousands of unencrypted credit card numbers and corresponding cardholders' information was spilling onto the open web. At the time it was pulled offline on Tuesday, the database had about 330,000 credit card numbers, cardholder names, and full billing addresses -- and rising in real-time as customers placed new orders. The data contained all the information that a criminal would need to make fraudulent transactions and purchases using a cardholder's information.
The credit card numbers belong to customers who made purchases through a network of near-identical online stores claiming to sell designer goods and apparel. But the stores had the same security problem in common: Any time a customer made a purchase, their credit card data and billing information was saved in a database, which was left exposed to the internet without a password. Anyone who knew the IP address of the database could access reams of unencrypted financial data. Anurag Sen, a good-faith security researcher, found the exposed credit card records and asked TechCrunch for help in reporting it to its owner. Sen has a respectable track record of scanning the internet looking for exposed servers and inadvertently published data, and reporting it to companies to get their systems secured.
But in this case, Sen wasn't the first person to discover the spilling data. According to a ransom note left behind on the exposed database, someone else had found the spilling data and, instead of trying to identify the owner and responsibly reporting the spill, the unnamed person instead claimed to have taken a copy of the entire database's contents of credit card data and would return it in exchange for a small sum of cryptocurrency. A review of the data by TechCrunch shows most of the credit card numbers are owned by cardholders in the United States. Internet records showed that the database was operated by a customer of Tencent, whose cloud services were used to host the database. TechCrunch contacted Tencent about its customer's database leaking credit card information, and the company responded quickly. The customer's database went offline a short time later. Many of the stores leaking customers' information claim to operate out of Hong Kong and were set up in the past few weeks. Some of the websites include: spraygroundusa.com, ihuahebuy.com, igoodlinks.com, ibuysbuy.com, lichengshop.com, hzoushop.com, goldlyshop.com, haohangshop.com, twinklebubble.store, and spendidbuy.com.
Read more of this story at Slashdot.
Sep, Tue 26 - 18:31 CEST