In what could be considered a measure of the speed of cybercrime, millions of credit and debit card account information stolen in the recent Target department store compromise have already hit the black market, according to supplemental reporting on the breach from Brian Krebs.
The investigation thus far indicates that attackers appear to have had access to Target’s systems from Black Friday to December 15th.
Officials from at least one major bank have confirmed that they found stolen account information being sold on the black market in large batches of one million cards, with prices ranging from from $20 to more than $100 per card.
“I spoke with a fraud analyst at a major bank who said his team had independently confirmed that Target had been breached after buying a huge chunk of the bank’s card accounts from a well-known ‘card shop’ — an online store advertised in cybercrime forums as a place where thieves can reliably buy stolen credit and debit cards,” Krebs reports.
“Armed with that information, thieves can effectively clone the cards and use them in stores. If the dumps are from debit cards and the thieves also have access to the PINs for those cards, they can use the cloned cards at ATMs to pull cash out of the victim’s bank account.”
Target has confirmed that at least 40 million debit and credit cards from stores nationwide, rivaling the attack a few years back on breach poster-child TJX Inc., where 46.5 million credit card numbers were compromised over 18 months during a cyber intrusion.
Read More Here…