A hacker group which breached Adobe systems last month appears to have made a huge haul in swiping some 850,000 cleartext records from a limousine service which ferried some of the world's most rich and famous.
Data including the phone numbers and residence of actors, top executives and politicians were now in the hands of crackers along with a quarter of a million cleartext credit card numbers for their limitless or near-limitless American Express accounts and some damning observations taken by drivers of the well-heeled passengers.
The records reportedly stolen from US business CorporateCarOnline included information on NBA champion LeBron James, actor Tom Hanks and businessman Donald Trump along with directors and chief executives at Morgan Stanley, Boeing and Lego Corp.
A host of records for US lawmakers were also included, KrebsonSecurity reported.
Other notes obtained included enough details on the company's famous fares to make a tabloid editor salivate. Driver's had in notes named customers who had performed sex acts in vehicles, smoked pot or had criminal histories.
The records were found on the same server where US security consultant Mark Hold and Brian Krebs discovered stolen Adobe source code and sensitive data for PR Newswire.
The data was immensely valuable to attackers: the cleartext American Express cards would fetch top dollar on underground carding forums, while personal travel information including the private jets executives travelled on could be used to craft convincing targeted phishing attacks.
It was possible attacks had already been launched. The chief executive of security firm Mandiant -- which famously aired allegations that Beijing was sponsoring a coordinated cracking effort against major US targets -- received a phishing email purporting to be an invoice from the hacked limousine company which contained an Adobe pdf payload.
Kevin Mandia told Foreign Policy magazine he suspected the email was faked because the invoice dates were inaccurate.
CorporateCarOnline boss Dan Leonard refused to comment to KrebsonSecurity and did not immediately return a further request for a statement.