Over 5 million stolen card data put on sale on Darknet

Friday 23 August 2019 00:03 CET | News

More than 5.3 million new accounts belonging to cardholders from 35 US states have been put on sale on a popular underground store that sells card data stolen from hacked merchants.

Security researcher Brain Krebs has found that credit and debit card data came from compromised gas pumps, coffee shops and restaurants operated by Hy-Vee, a chain of more than 245 supermarkets located throughout the Midwestern US.

Hy-Vee announced on August 14, 2019 it was investigating a data breach involving payment processing systems that handle transactions at some Hy-Vee fuel pumps, drive-thru coffee shops and restaurants. However, the supermarket chain said it was too early to tell when the breach initially began or for how long intruders were inside their payment systems.

Hy-Vee said it believes the breach does not affect payment card terminals used at its grocery store checkout lanes, pharmacies or convenience stores, as these systems rely on a security technology designed to defeat card-skimming malware, KrebsOnSecurity mentioned.

The card data stolen from Hy-Vee is now being sold under the code name ‘Solar Energy’, at Joker’s Stash carding bazaar, with prices ranging from USD 17 to USD 35 apiece, the security researcher has found.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: card data, stolen data, darknet, Brian Krebs, Hy-Vee, card skimming malware, US, online security, payments security
Countries: World

Industry Events