Forgot your password?
typodupeerror
Security

Target Hackers Have More Data Than They Can Sell 118

Posted by Soulskill
from the embarrassment-of-riches dept.
itwbennett writes "The hackers who stole millions of credit card numbers from Target customers are probably 'laying low knowing that everyone is looking for them,' says Alex Holden, who runs cybercrime consultancy Hold Security. But it's also likely that they can't sell them: 'You can imagine that having a lot of stolen credit cards will not net the hackers, say $35 per card for all 40 million,' said Holden. 'Even if the hackers are willing to sell cards for $1 a card, no one will buy the stolen goods in these amounts.'"
This discussion has been archived. No new comments can be posted.

Target Hackers Have More Data Than They Can Sell

Comments Filter:
  • by jddeluxe (965655) on Tuesday January 14, 2014 @10:17PM (#45960721)
    My bank (Chase) has sent out new cards to anyone that had a transaction at Target during the time period they indicated of the breach, and many other banks/financial institutions have done likewise. The value of the purloined data is heading towards nil quickly.
  • by Patent Lover (779809) on Tuesday January 14, 2014 @10:53PM (#45960939)
    It's 110 million. Yes about 1/3 of the U.S. population has used a credit card at Target. I pray they don't hit Wal Mart.
  • by DigiShaman (671371) on Tuesday January 14, 2014 @11:05PM (#45961025) Homepage

    Well given how successful this was on a Windows based POS system, just imagine all the restaurants, and bars that might be compromised too. I'm in agreement with what others have said; we need to go to the Chip-and-PIN system. If we are going to be replacing CC for potentially hundreds of millions of people, now is the time to make the switch. If the bank wants to charge me a few extra bucks for a fancy new card, do it. I'd rather have the peace of mind after this fiasco.

  • by baker_tony (621742) on Tuesday January 14, 2014 @11:32PM (#45961231) Homepage

    Wait, American's aren't using chip and pin yet?

  • Re: Stupid People (Score:4, Interesting)

    by Redmancometh (2676319) on Wednesday January 15, 2014 @02:07AM (#45962201)

    I'm surprised I haven't seen anyone mention this, but I think they single-handedly killed the market. Think about it...no one knows all of the CC numbers yet. Not only should no one buy off of those guys, but no one knows who those guys are. So if say 80% of the cards are cancelled there are now 32 million legitimate useless credit card numbers out there.

    No one is going to trust anyone. I have a feeling this is going to do the blackhat community quite a blow.

  • Re:What me worry? (Score:4, Interesting)

    by black6host (469985) on Wednesday January 15, 2014 @10:14AM (#45964543)

    As for parent, I recall my boss telling me something about retail: It would be better to pay roughly 20% of the people who buy from you to walk away rather than deal with them, because the problems they'll have will ultimately cost you more.

    Somehow, as a favor to someone, I ended up managing the operations of a service based company for a short period of time. We would have customers that constantly were saying: "Do you know who I am?" Usually the past, past, past president of some condo association. Or customers who thought we'd starve without their business and make all kinds of unreasonable demands that would result in a loss to us. We'd let that happen maybe two or three times and when it became apparent that the customer's behavior was chronic I would simply tell them that our goal was to satisfy our customers in every way and obviously we were unable to meet their needs. We valued their satisfaction and felt they would be better served by another company. I'd then suggest a competitor for them to call. The reactions were priceless! They couldn't believe they were being "fired". It helped us two ways. First, it freed up our resources to service the customers who appreciated being treated fairly (and we really were service oriented, money back guarantee on everything.) Second, by the time our competitor figured out what kind of customer they just took on they had suffered the loss.

    This was a service industry where there was more work to do than we had people to do it so there really was no loss to us in culling the bad ones. Offtopic I know but maybe someone will benefit from our experience.

  • Re: Stupid People (Score:4, Interesting)

    by BosstonesOwn (794949) on Wednesday January 15, 2014 @12:02PM (#45965751)

    As some one who deals with security on a daily basis, I have seen tools to prevent this.

    What happens is someone advertises say 10 K cards for sale. They actually package 15 K cards in the pack, when the user gets the pack they have a robot ap that goes and makes purchases from shops that are on the internet and are known to be able to easycard fraud friendly. The robots order something quickly like a $20 cable or piece of merchandise. If its declined the card is dropped from the database.

    Once all the cards are checked if the buy has close to 10 K they don't care. If less then say 8 K they get another chunk of 4 K to go at again. Until they get close to the 10 K they were promised. This is how the good groups do it. The ones who don't care just sell in chunks of 5 K to 10 K with no guarantees.

    Now they also can use another system for cards to do quick transactions checks just like paypal would do to check if the card is valid. Small bump purchase then issue a refund if they want to hide from the owner of the card.

    I have to monitor these "groups" as I need to make sure that none of my servers are being used in their scams. A good security guy keeps his eye on everything ! And yes we monitor IRC and other methods of chatter to see if any of our servers have been compromised.

System checkpoint complete.

Working...