Wednesday, November 6, 2013

Tom Hanks and Donald Trump among 850,000 victims as limo firm hack leaks addresses and AmEx numbers

Tom Hanks and Donald Trump are among a client list of 850,000 users of limousines and town cars to become the latest “trophy” claimed by hackers, after a breach at a nationwide limousine firm – which netted unencrypted details including full credit card details and other “notes” on customers.

Personal details including addresses and no-limit credit card details were stolen and stored on the web, according to security expert Brian Krebs. A break in at CorporateCarOnline exposed a huge amount of data on customers – including CEOs, politicians and celebrities.

The information was stored in a plain text file, Krebs claims, and contained details including credit card numbers, names and addresses – including some 241,000 high- or no-limit American Express cards. Krebs says that these are among the most highly prized items for sale on the global cybercrime underground. The data was found in the same online “cache” containing information about recent hacks against Adobe and global press release firm PR Newswire.

Sites such as TechDirt pointed out the potential value of such information to gossip sites. Krebs said that the leak has the potential to have the highest “social impact” of any of the breached data related to the recent Adobe hack.

Krebs spoke to CorporateCarOnline’s CEO, who said, “I’d prefer not to talk to anybody about that.”
The data stored on the server, and uncovered by Krebs, includes information from a breach at Adobe, makers of Acrobat and Photoshop, which ESET Researcher Stephen Cobb described the breach as “unprecedented” at the time – due to the fact that attackers also appeared to have accessed source code for Adobe’s Acrobat software.

Source code is a highly useful tool for hackers looking to craft new attacks against users of particular software packages – and Acrobat, used to read PDFs, is used by millions, on almost every computing platform.

Adobe has admitted around 38 million active users may have had IDs and encrypted passwords accessed by unknown attackers in a breach earlier this year. Krebs said, “It also appears that the already massive source code leak at Adobe is broadening to include the company’s Photoshop family of graphical design products. The company now admits that “numerous” products were affected by the breach.

 Information from 10,000 accounts for marketing and press release distribution firm PR Newswire was found in the same cache. The firm admitted to a large-scale breach, in which usernames and passwords were stolen – but claims hackers have not sent out “fake” releases, a powerful tool in the wrong hands.

Share

Twitter Delicious Facebook Linkedin Stumbleupon Favorites More