The hackers that stole millions of credit card numbers in the Target and Home Depot breaches were found responsible for the latest incident targeting the online parking reservation service Book2Park.com.
According to independent security journalist Brian Krebs, a new batch of credit card numbers went up for sale on Rescator[dot]cm – a popular underground store. Several financial institutions then confirmed that the cards had all been issued to customers who had made a recent transaction on Book2Park’s website.
Parking reservation service owner Anna Infante responded to the alleged breach by confirming a technology firm had discovered malicious files on Book2Park’s servers recently, but assured the company had taken appropriate action:
“We already took action on this, and we are totally on it,” said Infante. “We are taking all further steps in protecting our customers and reporting this to the proper authorities.”
The breach follows two other similar incidents since December 2014, in which customers of Park ‘N Fly and OneStopParking.com also had their credit card information stolen, and were seen sold for prices ranging $6 to $18 on the same underground site.
“Unlike card data stolen from main street retailers – which can vbe encoded onto new plastics used to buy stolen goods in physical retail stores – cards stolen from online transactions can only be used by thieves for fraudulent purchases,” explains Krebs.
“However, most online carding shops that sell stolen card data in underground stores market both types of cards, known in thief-speak as ‘dumps’ and ‘CVVs’ respectively.”
Book2Park currently has nearly 90 locations across the United States.
The number of customers impacted by the hack is yet to be determined.