Monthly Archives: March 2014

Who’s Behind the ‘BLS Weblearn’ Credit Card Scam?

March 31, 2014

A new rash of credit and debit card scams involving bogus sub-$15 charges and attributed to a company called “BLS Weblearn” is part of a prolific international scheme designed to fleece unwary consumers. This post delves deeper into the history and identity of the credit card processing network that has been enabling this type of activity for years.

Who Built the ID Theft Service SSNDOB.ru?

March 27, 2014

Previous stories on this blog have highlighted the damage wrought by an identity theft service marketed in the underground called ssndob[dot]ru, which sold Social Security numbers, credit reports, drivers licenses and other sensitive information on more than four million Americans. Today’s post looks at a real-life identity behind the Russian man likely responsible for building this service.

ZIP Codes Show Extent of Sally Beauty Breach

March 25, 2014

Earlier this month, beauty products chain Sally Beauty acknowledged that a hacker break-in compromised fewer than 25,000 customer credit and debit cards. My previous reporting indicated that the true size of the breach was at least ten times larger. While the number of cards known to be compromised so far pales in comparison to the 40 million cards exposed by the breach at some 1,800 Target locations, new analysis suggests that the Sally Beauty breach may have impacted far more stores –virtually all 2,600+ Sally Beauty locations nationwide.

Sources: Credit Card Breach at California DMV

March 22, 2014

The California Department of Motor Vehicles appears to have suffered a wide-ranging credit card data breach involving online payments for DMV-related services, according to banks in California and elsewhere that received alerts this week about compromised cards that all had been previously used at California DMV locations.

Are Credit Monitoring Services Worth It?

March 19, 2014

In the wake of one data breach after another, millions of Americans each year are offered credit monitoring services that promise to shield them from identity thieves. Although these services can help true victims step out from beneath the shadow of ID theft, the sad truth is that most services offer little in the way of real preventative protection against the fastest-growing crime in America.

The Long Tail of ColdFusion Fail

March 17, 2014

Earlier this month, I published a story about a criminal hacking gang using Adobe ColdFusion vulnerabilities to build a botnet of hacked e-commerce sites that were milked for customer credit card data. Today’s post examines the impact that this botnet has had on several businesses, as well as the important and costly lessons these companies learned from the intrusions.

Blogs of War: Don’t Be Cannon Fodder

March 13, 2014

On Wednesday, KrebsOnSecurity was hit with a fairly large attack which leveraged a feature in more than 42,000 blogs running the popular WordPress content management system (this blog runs on WordPress). This post is an effort to spread the word to other WordPress users to ensure their blogs aren’t used in attacks going forward.