Parking services have taken a beating this year at the hands of hackers bent on stealing credit and debit card data. This week’s victim — onestopparking.com — comes compliments of the same organized crime gang thought to be responsible for stealing tens of millions of card numbers from shoppers at Target and Home Depot . Late last week, the cybercrime shop best known for being the first to sell cards stolen in the Target and Home Depot breach moved a new batch of cards taken from an unknown online merchant.
Happy 5th Birthday, KrebsOnSecurity!
It’s hard to believe, but KrebsOnSecurity turns five years old today! How time flies! Probably the most rewarding part about being an independent reporter (for my part, anyway) is watching your readership grow and mature into a community that not only adds perspective and balance but also helps educate other readers. I’m very proud of the community that’s sprung up around this site, and I’m extremely grateful for all of the support and encouragement from you, Dear Reader. A few dozen readers have sent PayPal or Bitcoin donations, but most have supported this site with their time, expertise and tips (keep those coming, please).
Who’s in the Lizard Squad?
The core members of a group calling itself “Lizard Squad” — which took responsibility for attacking Sony’s Playstation and Microsoft ‘s Xbox networks and knocking them offline for Christmas Day — want very much to be recognized for their actions. So, here’s a closer look at two young men who appear to be anxious to let the world know they are closely connected to the attacks. Kim Dotcom offers Lizard Squad members vouchers to stop the attack
Cowards Attack Sony PlayStation, Microsoft xBox Networks
A gaggle of young misfits that has long tried to silence this Web site now is taking credit for preventing millions of users from playing Sony Playstation and Microsoft Xbox Live games this holiday season. The group, which calls itself LizardSquad , started attacking the gaming networks on or around Christmas Day.
Payday Loan Network Sold Info to Scammers
The Federal Trade Commission announced this week it is suing a consumer data broker that sold payday loan application data to scammers who used the information to pull money out of consumer bank accounts. The scam brings to mind an underground identity theft service I wrote about in 2012 that was gathering its data from a network of payday loan sites.
Staples: 6-Month Breach, 1.16 Million Cards
Office supply chain Staples Inc. today finally acknowledged that a malware intrusion this year at some of its stores resulted in a credit card breach. The company now says some 119 stores were impacted between April and September 2014, and that as many as 1.16 million customer credit and debit cards may have been stolen as a result.
FBI: North Korea to Blame for Sony Hack
The FBI today said it has determined that the North Korean government is responsible for the devastating recent hack attack against Sony Pictures Entertainment . Here’s a brief look the FBI’s statement, what experts are learning about North Korea’s cyberattack capabilities, and what this incident means for other corporations going forward
Complex Solutions to a Simple Problem
My inbox has been flooded of late with pitches for new technologies aimed at making credit cards safer and more secure. Many of these solutions are exceedingly complex and overwrought — if well-intentioned — responses to a problem that we already know how to solve
Banks: Park-n-Fly Online Card Breach
Multiple financial institutions say they are seeing a pattern of fraud that indicates an online credit card breach has hit Park-n-Fly , an Atlanta-based offsite airport parking service that allows customers to reserve spots in advance of travel via an Internet-based reservation system. The security incident, if confirmed, would be the latest in a string of card breaches involving compromised payment systems at parking services nationwide. In response to questions from KrebsOnSecurity, Park-n-Fly said it recently engaged multiple outside security firms to investigate breach claims made by financial institutions, but so far has been unable to find a breach of its systems.
In Damage Control, Sony Targets Reporters
Over the weekend I received a nice holiday letter from lawyers representing Sony Pictures Entertainment , demanding that I cease publishing detailed stories about the company’s recent hacking and delete any company data collected in the process of reporting on the breach. While I have not been the most prolific writer about this incident to date, rest assured such threats will not deter this reporter from covering important news and facts related to the breach. A letter from Sony’s lawyers