Cards stolen in massive Target breach flood underground “card shops”

Credit and debit card accounts stolen in the massive data breach that recently hit retail giant Target are flooding the underground markets frequented by criminals, who are paying as much as $100 per card, according to KrebsonSecurity reporter Brian Krebs.

In a post published Friday, Krebs said he first learned of the breach after a fraud analyst at a major bank said his team bought a large number of the bank's cards on a well-known "card shop." The analyst's team was then able to work its way backward and independently confirm Target had been breached. Krebs went on to break the story, and Target eventually confirmed that about 40 million cards may have been compromised during a breach that extended from November 27 to December 15. In Friday's post, Krebs continued:

There are literally hundreds of these shady stores selling stolen credit and debit cards from virtually every bank and country. But this store has earned a special reputation for selling quality “dumps,” data stolen from the magnetic stripe on the backs of credit and debit cards. Armed with that information, thieves can effectively clone the cards and use them in stores. If the dumps are from debit cards and the thieves also have access to the PINs for those cards, they can use the cloned cards at ATMs to pull cash out of the victim’s bank account.

At least two sources at major banks said they’d heard from the credit card companies: More than a million of their cards were thought to have been compromised in the Target breach. One of those institutions noticed that one card shop in particular had recently alerted its loyal customers about a huge new batch of more than a million quality dumps that had been added to the online store. Suspecting that the advertised cache of new dumps were actually stolen in the Target breach, fraud investigators with the bank browsed this card shop’s wares and effectively bought back hundreds of the bank’s own cards.

When the bank examined the common point of purchase among all the dumps it had bought from the shady card shop, it found that all of them had been used in Target stores nationwide between Nov. 27 and Dec. 15. Subsequent buys of new cards added to that same shop returned the same result.

Krebs's account is consistent with the findings of fraud prevention service Easy Solutions. On Thursday, the company reported that its Detect Monitoring Service (DMS) had recently sensed some unusual activity.

Read 3 remaining paragraphs | Comments