Over 320,000 CVV codes and financial records leaked online

Luana PASCU

September 14, 2016

Some 324,000 records containing names, physical addresses, email addresses, IP addresses, phone numbers, CVV codes and the credit cards' last four digits were allegedly leaked via Twitter, Australian security researcher Troy Hunt found.

Source: Troy Hunt

This information is extremely useful for hackers because it can be easily exploited for fraud and other cybercrimes.

“Now it’s possible that the data has come from another unnamed party, but it’s highly unlikely,” Hunt said. “Not only could I not pick a pattern in the data suggesting it was sourced from elsewhere, but the CVVs just shouldn’t have been there.”

The data could have come from either BlueSnap or Regpack, he had initially written. BlueSnap is a global payment processing company, while Regpack provides solutions for online event registrations and has been a BlueSnap customer since April 2013.

“We’ve got 899 totally separate consumers of the Regpack service (so it’s not from one of them) who send their data direct to Regpack who pass payment data onto BlueSnap for processing. Unless I’m missing a fundamental piece of the workflow (and I’m certainly open to suggestions on what this might be), it looks like accountability almost certainly lies with one of these two parties.”

In the meantime, however, BlueSnap has denied the hack in a statement to SecurityWeek.

“Based on an investigation we initiated as soon as we heard about the data set, we hired a top PCI-certified Incident Response firm. They confirmed that BlueSnap did not experience a system breach or any data loss.”

UPDATE

BlueSnap did not experience a data loss. An official statement has been released by Regpack to Troy Hunt confirming the data was leaked due to human error.

“We identified that a human error caused those decrypted files to be exposed to a public facing server and this was the source of the data loss. This was identified by our teams going back and reviewing some of the log files as indicated in the blog discussion post. We have changed our approach to handling this data and are confident that this one-time mistake will not occur again.”
