A limousine brokering service that was recently the target of a high-profile breach appears to have been compromised by the same attackers who pwned Adobe, PRNewswire, and several large data brokers.
The company, CorporateCarOnline, caters to leading celebrities, Fortune 500 executives and elected officials, and the attackers made off with somewhere in the neighborhood of 850,000 records, which included credit card numbers and expiration dates.
The data was allegedly unencrypted and stored in a database in plain text, a big-time security 101 no-no.
Brian Krebs of KrebsOnSecurity had connected the event to the recent Adobe breach and the compromise of multiple consumer data brokers, including LexisNexis, Dun & Bradstreet, and Kroll Background America, and also to a breach at PRNewswire earlier this year.
During his investigation into an identity theft ring behind the breaches, Krebs also discovered a bounty of stolen source code for Adobe’s ColdFusion Web application platform and for its Acrobat products.
The Adobe breach has exposed more than 150 million emails, usernames, passwords and password hints, all stored with a weak symmetric encryption algorithm.
According to new analysis by Tripwire’s Ken Westin, the database includes some 234,379 military and government accounts, more than 6,000 accounts from defense contractors such as Raytheon, Northrop Grumman, General Dynamics and BAE Systems, 433 FBI accounts, 82 NSA accounts and 5,000 NASA accounts.