Tag Archive for: Cards

Hackers compromised some Zola user accounts to buy gift cards – TechCrunch


Zola, a wedding planning startup that allows couples to create websites, budgets and gift registries, has confirmed that hackers gained access to user accounts but has denied a breach of its systems.

The incident first came to light over the weekend after Zola customers took to social media to report that their accounts had been hijacked. Some reported that hackers had depleted funds held in their Zola accounts, while others said they had thousands of dollars charged to their credit cards.

In a statement given to TechCrunch, Zola spokesperson Emily Forrest said that accounts had been breached as a result of a credential stuffing attack, where existing sets of exposed or breached usernames and passwords are used to access accounts on different websites that share the same set of credentials.

“The vast majority of Zola couples were not impacted, but we are deeply apologetic to those who detected any irregular account activity,” Forrest said. “Our team acted as quickly as possible to protect our community of couples and guests, and we were able to block all attempted fraudulent transfers.”

TechCrunch has seen posts from a Telegram channel showing members discussing and posting screenshots accessing user accounts through the Zola app. One of the messages in the Telegram chat says to “make sure” to use the app and not the site. The partially redacted screenshots show the hackers ordering gift cards from a user’s account — including using the credit card on file with Zola — which are sent to the hackers’ email address after the order is placed. Gift cards are often the go-to choice for cybercriminals because they can be notoriously difficult to trace.

Zola confirmed the gift card orders and said the company is “quickly working” to correct them. “The vast majority of the gift card orders have already been refunded and 100% will be refunded by the end of the day,” Forrest told TechCrunch. “Any action that a couple did not take will be corrected.”

Zola said it temporarily suspended its iOS and Android apps during the incident, and reset all user passwords out of an “abundance of caution.”


In Worrisome Development, ‘Skimmers’ Hack Gas Pumps to Read Credit Cards


A “skimmer” circuit board found inside a gas pump in San Diego County. Courtesy San Diego County Agriculture, Weights and Measures

A former San Diego police officer, Larry Avrech, had gotten a heads-up from another former cop about keys being sold on the Internet that could open up gas pumps. Their first question was, is this legal?

Their second question was, why would anyone want to open up a gas pump?

The images Avrech found online showed two “gas pump replacement lock keys.”

The answer comes from Brian Krebs, a former newspaper reporter who is an expert on computers and Internet security. 

“For decades, only a handful of master keys were needed to open the vast majority of pumps in America,” Krebs said. “That has changed, but I bet there are some older stations that haven’t yet updated their locks.”  


How a Burner Identity Protects Your Inbox, Phone, and Cards


Between vaccine appointment notifications, store pickups, online food ordering, and a general increase in online ordering, I feel like I’ve created three times as many online accounts in the past 18 months as I did in all previous years combined.

Handing out any sort of personal information, whether it’s an email address or a phone number, can lead to spam, data breaches, or harassment. More abstractly, it can also enable tracking by data brokers—companies that take identifiable bits of data, including phone numbers, email addresses, and device-specific identifiers (such as a browser fingerprint or device ID that’s linked to a phone or computer) and then aggregate that data into a marketing profile. One way to protect your personal details from both individuals and corporations is to use alternate details, which you can generate through a number of tools. These “burner” identity tools create disposable email addresses, credit card numbers, and phone numbers, all of which can help protect your main accounts while you do just about anything online.

Private email forwarding: SimpleLogin

A screen shot of the Simple Login app dashboard where the user can create and organize multiple alias email addresses.

If you spend a lot of time online, you likely have dozens of accounts spread across the internet, with sites and services ranging from retail stores you’ve shopped at once to random apps that require your email address to use. You’ve probably handed that email address to plumbers, car salespeople, social networks, and countless others who may have gone on to spam your inbox.

Over the years, I’ve taken two approaches to managing the situation: creating a free email address explicitly for shopping (Gmail, Outlook, ProtonMail, and the like all work fine for this purpose) and using email forwarding to obfuscate that address so I can pull the plug if spam starts coming in.

Email-forwarding services—I like SimpleLogin, which generates a nonsense email address, such as [email protected]—forward any emails sent to that address to your real inbox. If an account gets too much spam, you can block it and start over with a new email address from your forwarding service. This approach is great for shopping, where you may need an email receipt for only a few weeks, or company…


High-Level Organizer of Notorious Hacking Group Sentenced to Prison for Scheme that Compromised Tens of Millions of Debit and Credit Cards | OPA


A Ukrainian national was sentenced today in the Western District of Washington to 10 years in prison for his high-level role in the criminal work of the hacking group FIN7.

Fedir Hladyr, 35, served as a manager and systems administrator for FIN7. He was arrested in Dresden, Germany, in 2018, at the request of U.S. law enforcement and was extradited to Seattle, Washington. In September 2019, he pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.

“The defendant and his conspirators compromised millions of financial accounts and caused over a billion dollars in losses to Americans and costs to the U.S. economy,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division. “Protecting businesses – both large and small – online is a top priority for the Department of Justice. The department is committed to working with our international partners to hold such cyber criminals accountable, no matter where they reside or how anonymous they think they are.”

“This criminal organization had more than 70 people organized into business units and teams. Some were hackers, others developed the malware installed on computers, and still others crafted the malicious emails that duped victims into infecting their company systems,” said Acting U.S. Attorney Tessa M. Gorman of the Western District of Washington. “This defendant worked at the intersection of all these activities and thus bears heavy responsibility for billions in damage caused to companies and individual consumers.”

“These cyber thieves orchestrated an elaborate network of hackers and systems to infiltrate businesses and exploit consumers’ personal information,” said Special Agent in Charge Donald M. Voiret of the FBI’s Seattle Field Office. “Their specialized skills to target certain industries amplified the damage exponentially. Thanks to the hard work of law enforcement partners both in the U.S. and overseas, these fraudsters are not beyond our reach and cannot hide from the law.”

According to documents filed in the case, since at least 2015, members of FIN7 (also referred to as…
