[Dshield] Re: Mastercard / Visa hacked?

Johannes Ullrich jullrich at euclidian.com
Wed Sep 10 02:24:10 GMT 2003

>     "We have been advised that an unauthorized party may have accessed some
> credit card account numbers.  While your "company name" card currently shows
> no fraudulent activity, this unauthorized access appears to involve credit
> cards from a number of leading credit card companies."

Likely, a merchant you used got hacked, not Mastercard/Visa themselves.
The standard procedure is to notify customers in these cases and hand
out new credit cards, even before any fraudulent charges show up. 

For example, an e-tailer may find that their database got infected by
Blaster. While Blaster is not stealing credit cards, this may indicate
that they had a problem with that system (it was vulnerable to dcom.c).
If they are responsible, they assume that all cards in their database
are stolen and notify the credit card company.

(On the other hand: they probably should not have kept the card numbers
around in the first place. But sh*t happens.)

Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support at covad.net
