In this week's issue, Target has settled with the affected financial institutions regarding their 2013 data breaches, Paysafe confirms a data breach involving nearly 8 million of its customers, an innovative card skimming scam involving gas station fuel pumos, hackers are selling Netflix login credentials for as low as $1 and in this week's Rippleshot blog post, we investigate "ship to" e-commerce fraud affecting consumers this holiday season.
Nearly two years ago, Target had been identified as one of the largest data breach victims in U.S. history, with at least 40 million payment cards were stolen in the cyber attack. Target acknowledged that additional 110 million customers may have had their personal information exposed in the breach as well. On Wednesday, Target has agreed to pay a whopping $39.4 million to resolve the claims by affected financial institutions that lost money because of the data breach. Target will pay as much as $20.25 million to the affected banks and credit unions and another $19.11 million to reimburse MasterCard card issuers.
Need to brush up on the details of Target data breach? Check out our Target data breach time line here.
A major gambling payment provider was notified that two of their customer databases had been leaked, compromising roughly 7.8 million customers. Nearly a month ago, Forbes revealed that the databases of Neteller and Moneybookers (now called Skrill) had been leaked, exposing personal information of nearly 8 million customers. The owner of both payment providers, Paysafe Group, was unaware of the of the leak and began a forensic investigation to determine the scope of the breach. In a London Stock Exchange announcement, Paysafe Group confirmed that the breach had exposed the personal information of 3.6 million Neteller accounts and 4.2 million Skrill accounts.
We've discussed the card skimming that occurs at gas station fuel pumps, in which fraudsters affix a card skimmer inside the fuel station pumps. For one group of criminals, there is a series of crimes that includes re-selling gasoline at a discounted price to whoever will purchase it. In a KrebsonSecurity feature, these criminals start by installing skimming devices to steal payment card data from unsuspecting customers. Then they use that stolen payment card data to clone new cards and purchase large amounts of gasoline, only to later sell that gas to gas station owners that are complacent in shady business practices.
Learn more about how fraudsters are using unconventional methods to steal sensitive data in our blog post.
Sensitive personal and payment information may no longer be the hottest commodity on the dark web this holiday season. According to a report written by McAfee Labs, access to online streaming entertainment services like Hulu, HBO GO and Netflix are driving demand on the Internet’s version of a black market. On these sites, sellers are offering login credentials for single accounts for less than a dollar, with premium sites such as HBO Go going for less than $10. The researchers at McAfee Labs were able to discover that some of these sellers were offering lifetime access to these subscriptions.
To read a copy of the McAfee Labs report, click here.
For this week's Rippleshot blog post, we look at tactic fraudsters use year after year during the holidays. One of the key signs of account takeover involves a change in the shipping address after an e-commerce transaction has been completed. Fraudsters are using stolen personal information and login credentials gathered in data breaches to assume a consumer's identity, to either alter transactions that have already occurred or to make additional purchases to send to a location of their choosing. We'll cover how fraudsters are able to accomplish this new tactic while also describing scenarios that e-commerce merchants should be aware with the holiday season fully in motion.
To learn more, click here.