Hackers expose 15,000 Israeli credit card details

News

Hackers expose 15,000 Israeli credit card details

Warwick Ashford

Hackers have exposed the details of 15,000 credit cards after breaking into the companies responsible for maintaining the information.

Israel’s Army Radio reported that a group of computer hackers claiming to be of Saudi Arabian origin had taken credit for exposing the credit card details, according to US reports.

The Bank of Israel was quick to issue a statement that the affected cards have been blocked from further use and card holders will not be held liable for any fraud caused by the leak.

The central bank also said the cards, which were issued by Israel Credit Cards, Isracard and Leumi Card, will be replaced.

While the incident does not demonstrate any significant technology advancement, it is interesting to note that this breach indicates that merchants involved in the incident were anything but PCI [Payment Card Industry] compliant, says Amichai Shulman, chief technology officer of security firm Imperva.

However, the really interesting aspect of the breach, he says, is the opportunities it created for attackers.

“One of the immediate effects of the breach is that people in Israel rushed over to the web to check whether they are in the list. This created a wonderful opportunity for attackers of all kinds to promote their business by posting fake links to the list. These links, promoted through black hat search optimisation, are part of either click-fraud campaigns or malware infection schemes,” he said.

Other quick entrepreneurs posted web applications which allow people to check whether their name is in the file by supplying either their e-mail - some of which are legitimate applications posted by security researchers - or their Israeli ID number, which are clearly not legitimate, said Shulman.

“This is of course just a preface to the true problem coming: phishing campaigns and phone scams that are sure to follow,” he said.

Imperva expects a deluge of e-mails, allegedly from the credit issuer that calls for some information disclosure on the part of the recipient as part of an “account restitution” procedure.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy