Hackers raid massive database of rich and famous

By

Steal 250,000 cleartext limitless credit cards.

A hacker group which breached Adobe systems last month appears to have made a huge haul in swiping some 850,000 cleartext records from a limousine service which ferried some of the world's most rich and famous.

Hackers raid massive database of rich and famous

Data including the phone numbers and residence of actors, top executives and politicians were now in the hands of crackers along with a quarter of a million cleartext credit card numbers for their limitless or near-limitless American Express accounts and some damning observations taken by drivers of the well-heeled passengers.

The records reportedly stolen from US business CorporateCarOnline included information on NBA champion LeBron James, actor Tom Hanks and businessman Donald Trump along with directors and chief executives at Morgan Stanley, Boeing and Lego Corp.

A host of records for US lawmakers were also included, KrebsonSecurity reported.

Other notes obtained included enough details on the company's famous fares to make a tabloid editor salivate. Driver's had in notes named customers who had performed sex acts in vehicles, smoked pot or had criminal histories.

The records were found on the same server where US security consultant Mark Hold and Brian Krebs discovered stolen Adobe source code and sensitive data for PR Newswire.

The data was immensely valuable to attackers: the cleartext American Express cards would fetch top dollar on underground carding forums, while personal travel information including the private jets executives travelled on could be used to craft convincing targeted phishing attacks.

It was possible attacks had already been launched. The chief executive of security firm Mandiant -- which famously aired allegations that Beijing was sponsoring a coordinated cracking effort against major US targets -- received a phishing email purporting to be an invoice from the hacked limousine company which contained an Adobe pdf payload.

Kevin Mandia told Foreign Policy magazine he suspected the email was faked because the invoice dates were inaccurate.

CorporateCarOnline boss Dan Leonard refused to comment to KrebsonSecurity and did not immediately return a further request for a statement.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
adobecredit cardsdata breachmandiantsecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?