eskisehir termal otel ankara evden eve nakliyat Antika mobilya alanlar
Tech News

A network of counterfeit clothing stores has exposed 330,000 customer credit cards • TechCrunch

If you have recently made a purchase from a foreign online store that sells fake clothes and items, there is a chance that your credit card number and personal information have been exposed.

Since Jan. 6, a database containing hundreds of thousands of unencrypted credit card numbers and associated cardholder information has been circulating the open web. At the time it was taken offline on Tuesday, the database contained about 330,000 credit card numbers, cardholder names, and full billing addresses — and this number rose in real time as customers placed new orders. The data contains all the information a criminal would need to make fraudulent transactions and purchases using a cardholder’s data.

The credit card numbers belong to customers who have made purchases through a network of nearly identical online stores claiming to sell designer goods and clothing. But the stores had the same security problem in common: Every time a customer made a purchase, their credit card and billing information was stored in a database, which was put on the Internet without a password. Anyone who knew the IP address of the database had access to large amounts of unencrypted financial data.

Anurag Sen, a good faith security researcher, found the exposed credit card information and asked TechCrunch for help reporting it to the owner. Sen has a respectable track record of scanning the Internet for exposed servers and inadvertently published data, reporting it to companies to secure their systems.

But in this case, Sen wasn’t the first person to discover the spilled data. According to a ransom note left in the exposed database, someone else had found the leaked data and instead of trying to identify the owner and report the leak responsibly, the unnamed person instead claimed to have made a copy of the entire contents of the database of credit card information and would return it in exchange for a small amount of cryptocurrency.

A review of the data by TechCrunch shows that most credit card numbers are owned by cardholders in the United States. Several people we contacted confirmed that their disclosed credit card information was accurate.

TechCrunch has identified several online stores whose customer data has been exposed by the leaked database. Many of the stores claim to operate from Hong Kong. Some stores are designed to sound like big brands, like Sprayground, but whose websites have no discernible contact information, typos and spelling mistakes, and a noticeable lack of customer reviews. Internet registrations also show that the websites have been set up in recent weeks.

Some of these websites are:

  • spraygroundusa.com
  • ihuahebuy.com
  • igoodlinks.com
  • ibuysbuy.com
  • lichengshop.com
  • hzoushop.com
  • goldlyshop.com
  • haohangshop.com
  • twinklebubble.store
  • spendidbuy.com

If you’ve bought something on one of those sites in the past few weeks, you might want to consider that your debit card has been compromised and contact your bank or card provider.

It is not clear who is responsible for this network of counterfeit stores. TechCrunch contacted a person via WhatsApp whose Singapore registered phone number was listed as a contact point in several online stores. It’s not clear if the listed contact number is even involved with the stores, as one of the websites listed the location as a Chick-fil-A restaurant in Houston, Texas.

Internet records showed that the database was operated by a Tencent customer, whose cloud services were used to host the database. TechCrunch contacted Tencent about the leak of credit card information in its customer’s database, and the company responded quickly. A short time later, the customer’s database went offline.

“When we learned of the incident, we immediately contacted the customer who manages the database and it was immediately shut down. Data privacy and security are top priorities at Tencent. We will continue to work with our customers to ensure they maintain their databases securely,” said Carrie Fan, Global Communications Director at Tencent.

Read more:

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Close
Close
Bolu escort gümüshane escort istanbul escort Kamagra Levitra Novagra Geciktirici