In the wake of the press reports concerning the recent data breaches at Sony and Epsilon, some organizations are getting the wrong idea about modern online attacks. The media largely chooses to cover mass-scale losses from trusted brands that affect large numbers of consumers.
While it is important to raise awareness about keeping your data safe online and to alert average internet users that they may be victims of data theft, most users are exposed to risk far more frequently and without their knowledge.
In a story published Tuesday on the Bank Information Security blog, Tracy Kitten detailed the exploits of Rogelio Hackett, Jr., who stole more than 675,000 credit cards. The resulting damages exceeded $36 million.
Hackett’s strategy? Find smaller organizations that have not coded their websites properly, allowing access to their data via SQL injection vulnerabilities. Based upon the reports I see from customers and other researchers, there are likely hundreds, if not thousands, of Hacketts out there systematically looking for low-hanging fruit.
Hackett may be sentenced to 12 years in prison for his crimes, but for every attacker who is caught, another one is ready to fill his shoes.
The FBI issued an security hubs.
Posted on 29 April 2011. Tags: Banking, Business, Data, Featured, Fraud, loss, Malware, Small
The above information is reprinted from and copyrighted © by Naked Security - Sophos.