06 Nov 2013

Limo Company Breached; Customer Data Exposed Online

Hackers breached CorporateCarOnline, a limousine and town car service, and posted online sensitive information of hundreds of thousands of people. Among the 850,000 victims, Tom Hanks and Donald Trump had their addresses and American Express card numbers exposed.

The stolen information including the names and addresses as well as the credit card numbers and expiry dates of limo service customers including CEOs, lawmakers and celebrities. An independent investigation by security researcher Brian Krebs revealed that the snatched data ended up listed in plain text archive on the Internet.

“More than one-quarter (241,000) of all compromised card numbers were high- or no-limit American Express accounts, card numbers that have very high resale value in the cybercrime underground,” writes Brian Krebs in a blog post.

Moreover, the data was posted on the same server used to expose the snatched Adobe customer records and source code: “the high-value data cache was found on the same servers where hackers stashed information stolen from PR Newswire, as well as huge troves of source code data lifted from Adobe Systems Inc. — suggesting that the same attacker(s) may have been involved in all three compromises.”