Hackers have exposed the details of 15,000 credit cards after breaking into the companies responsible for maintaining the information.
Israel’s Army Radio reported that a group of computer hackers claiming to be of Saudi Arabian origin had taken credit for exposing the credit card details, according to US reports.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
The Bank of Israel was quick to issue a statement that the affected cards have been blocked from further use and card holders will not be held liable for any fraud caused by the leak.
The central bank also said the cards, which were issued by Israel Credit Cards, Isracard and Leumi Card, will be replaced.
While the incident does not demonstrate any significant technology advancement, it is interesting to note that this breach indicates that merchants involved in the incident were anything but PCI [Payment Card Industry] compliant, says Amichai Shulman, chief technology officer of security firm Imperva.
However, the really interesting aspect of the breach, he says, is the opportunities it created for attackers.
“One of the immediate effects of the breach is that people in Israel rushed over to the web to check whether they are in the list. This created a wonderful opportunity for attackers of all kinds to promote their business by posting fake links to the list. These links, promoted through black hat search optimisation, are part of either click-fraud campaigns or malware infection schemes,” he said.
Other quick entrepreneurs posted web applications which allow people to check whether their name is in the file by supplying either their e-mail - some of which are legitimate applications posted by security researchers - or their Israeli ID number, which are clearly not legitimate, said Shulman.
“This is of course just a preface to the true problem coming: phishing campaigns and phone scams that are sure to follow,” he said.
Imperva expects a deluge of e-mails, allegedly from the credit issuer that calls for some information disclosure on the part of the recipient as part of an “account restitution” procedure.