Cards pilfered in Target breach for sale in underground markets

Share this article:
Credit and debit cards stolen by hackers in the breach started turning up in online marketplaces.
Credit and debit cards stolen by hackers in the breach started turning up in online marketplaces.

Credit and debit cards and CVV codes pilfered by hackers in the holiday Target breach have begun showing up for sale in underground marketplaces at about $20 to $100 per card, according to technology journalist Brian Krebs, who first broke the story of the 40 million card theft.

“There are literally hundreds of these shady stores selling stolen credit and debit cards from virtually every bank and country,” Krebs wrote on Friday. In a follow-up article posted Sunday, Krebs said that non-U.S. cards were fetching an even higher price of about $23 to $135.

Krebs explained that one black marketplace in particular has been selling dumps, which is the information ripped straight from the magnetic stripes of the cards and sold in bulk. The technology journalist said that some dumps contain up to a million accounts.

“Armed with that information, thieves can effectively clone the cards and use them in stores,” Krebs wrote. “If the dumps are from debit cards and the thieves also have access to the PINs for those cards, they can use the cloned cards at ATMs to pull cash out of the victim's bank account.”

Target announced Thursday that it had become the victim of an attack between Nov. 27 and Dec. 15 that may have compromised approximately 40 million credit and debit cards and CVV codes, as well as customer names.

Officials with the retail giant have yet to confirm exactly how attackers were able to steal the information, but most experts agree that hackers targeted point-of-sale (POS) devices.

On Friday, Gregg Steinhafel, chairman, president and CEO of Target, issued a statement on the retailer's website in which he wrote that Target or the banks will be responsible for fraudulent charges to victims' cards. He added that all affected individuals will be offered free credit monitoring services.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.

PCI publishes guidance on security awareness programs

PCI publishes guidance on security awareness programs

The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.