Slashdot Mirror

← Back to Stories (view on slashdot.org)

Walmart Stored Value Cards Compromised

Posted by michael on from the buyer-beware dept.

morcheeba writes "It appears that Walmart's pre-paid gift cards have been hacked. Customers are buying cards and finding that criminals have already emptied them of value. It seems someone has access to Walmart's database and/or registration data, and can create clones of recently activated cards. (via engadget)"

2 of 450 comments (clear)

  1. Re:I think it's an inside job by Anonymous Coward · · Score: 5, Informative

    I know a little bit about Wal-Mart's Networking layout.

    Your typical store has at least 6 sets of switches: UPC office (where the servers are kept), GM (general Merchandise), GRC (Grocery), Garden Center, PICS (In the electronics Department, and Receiving. These switches are laid out into at least 3 vlans: POS, Non POS, and Wireless. By Default, the POS vlans are set to ports 1-12 on the switch. The switches are connected by a fiber backbone that usually involves two separate physical routes...so if one is cut, the other will be able to pick up the load. They're concnentrated to some cisco routers, and it'll go out either a 56K modem line or a T1 line, using a Hughes Sattelite link as a backup.

    You've got your usual mixture of IBM Cash register controllers (CC and DD), what they call their "SMART" system (I think it's running a flavor of AIX), BOSS (Best Optical Selling System), MMS (Multi-Media Server, runs the Wal-mart TV Network), and a few others.

    It's trivial to get into a UPC office to gain access to these things. Most stores don't check ID's, let alone work orders. Default passwords are commonplace ("ma5t3r", "9052/9052" and the like), and it's very easy to get an employee to Log in for you if needed. WalMart keeps printed logs of just about every transaction that is created, as well as in electronic form.

    If it were an inside job (which I doubt knowing the intellect of most Wal-Mart Workers. Do you want to be the squiggly?), all someone would have to do is gain access to the UPC office, bring yer good ole' hub, a WAP, and volia....no one would ever notice (usually because there are boxes stacked in the UPC offices, and well, no one really has a clue to what really needs to be in there, anyway).

    (Posted AC to protect my job)

  2. They do have logs. by nietzsche_freak · · Score: 5, Informative
    They do log when and where the cards are activated and emptied. From TFA:
    Carol's shopping card was purchased in Olympia, and days later, cashed out by a stranger at the Wal-Mart in Chehalis even though Carol still had the card.
    "Here's my receipt," Carol points to the shopping card notation at the bottom which reads: "Shop card reception 0.00"
    In Tami's case, her receipt shows the $150.00 card was activated at 11:32 in the morning, then cashed out three hours later in a another state!
    My guess is they'll nail the ones responsible in short order, seeing as how they know dates, times, and locations, and no doubt have decent electronic surveillance inside their stores as well (for all those pesky shoplifters ).