Debate Magazine

Information from Over 2 Million Credit Cards Stolen From Restaurant Chain and Sold on the Dark Web

Posted on the 21 April 2019 by Darkwebnews @darkwebnews

Criminals are steadily adopting a new technique of compromising credit card data.

Installation of malware on a point-of-sale (PoS) system is becoming worryingly common.

The malicious software obtains card information such as card number, expiration date, and sometimes the account holder's name.

Earl Enterprises, owner of numerous U.S. restaurant chains, is the latest victim of the technique.

The company released a statement at the end of March admitting to the loss of data from customers' bankcards in specific branches.

The security breach on the firm's system allegedly occurred between May last year and March this year.

However, the company has assured online customers not to worry, as their information was not compromised.

As is to be expected, Earl Enterprises was keen to assure its clients of their security. The situation has apparently been contained even as further investigations continue.

However, bold as the statement was, guests of any of the affected restaurants still have a lot to worry about.

In an effort to inform the victims as well as to reassure them of their security, the company advised guests at Buca di Beppo, Mixology, Planet Hollywood, Tequila Taqueria, Chicken Guy, and Earl of Sandwich to review their card statements and to look out for suspicious transactions.

While the company has been quick to admit the data breach, the tip-off did not come from within the company.

Brian Krebs, a security journalist and owner of KrebsonSecurity, was responsible for informing the company of the sale of credit cards, potentially belonging to its customers, on the dark web.

According to Earl Enterprises, internal investigations are underway and the company has sought the services of two cybersecurity firms, as well as involving the FBI.

Whose Fault?

Even though such a breach is hardly the customer's fault, customers would still be wise to apply certain precautions in order to prevent further damage to their bank accounts.

For example, at the onset of an unauthorized transaction, the card issuer should be notified immediately in order to block future transactions.

It is not the first time that debit and credit card credentials have been found on the dark web.

However, the Earl Enterprise breach revealed an unprecedented number of stolen card details. Krebs suggests that the number is well over 2 million cards.

Joker's Stash appears to be one of the beneficiaries of the big heist. Brian Krebs reported that the underground shop is selling the cards under the tagline "Davinci Breach."

Going for as little as $6, the card details are used by criminals to make fake credit and debit cards, using blank cards with a magnetic strip to clone the stolen credentials.

Taglines like "Davinci Breach" are important to criminals because it helps them to identify payment card batches that are useful to them.

Rather than buying from every vendor, a criminal can easily buy from the same batch if the first loot was successful.

Jokers Stash, like other deep web sites, offers search options to its users, enabling them to find popular batches.

Instead of the cardholders ZIP codes, the cards are classified according to the ZIP codes of the stores from where they were stolen.

Preventing Future Attacks

Apart from just serving customers with notices and advising them to call their card issuers, companies need to do more with their payment systems.

Most companies, especially those in the service industry, are slow in adopting new security measures.

Swipe readers are very likely the leading cause of rising card fraud.

A limited number of firms have improved their systems to support the chip. However, such systems are expensive making it hard for small companies to foot the expense.

Another option to prevent such data breaches is to apply data security tokenization.

With tokenization, the merchant will be able to obscure real payment card numbers from their files and databases.

Attackers will consequently find it difficult to use the information they steal because it is tokenized and not the original.

Security tokenization can also be used to protect card details on local servers in cases where attackers are targeting specific locations using PoS malware.

Regardless of whether it is an issue of affordability or just sheer negligence, companies are not adopting end-to-end data security measures for all their outlets despite the growing importance of such measures.

With the current trend, we anticipate that more merchants will fall victim to PoS malware attackers in the coming months, so individuals are advised to keep a close on eye on their bank accounts.

Disclaimer:

The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.


Back to Featured Articles on Logo Paperblog