Stratfor Breach Leads To Over $700k In Fraud

← Back to Stories (view on slashdot.org)

Stratfor Breach Leads To Over $700k In Fraud

Posted by Soulskill on Monday March 12, 2012 @12:14AM from the send-them-a-bill dept.

wiredmikey writes "It isn't often that after a data breach involving credit cards, the public is given information on the exact amount money lost by consumers as a result. Thanks to the FBI, however, we now have a better understanding of what 60,000 stolen credit cards translates to financially, as this data was included in their investigation notes while working the Stratfor case. The last time the public had something close to actual stats from the source, we learned that the TJX breach cost Visa $68 million in 2007, two years after the TJX network was compromised by Albert Gonzalez. Yet, those were Visa's estimates. Now, in the aftermath of the Stratfor breach, the FBI has attributed $700,000 worth of charge fraud to the 60,000 credit card records taken during the network compromise. AntiSec supporters walked away with 860,160 usernames and passwords, in addition to the credit card records."

68 comments

Min score:

Reason:

Sort:

So here we have the real motive by msobkow · 2012-03-12 00:21 · Score: 5, Insightful

Money.
Not "leaked documents" or "liberated intelligence."
Plain old fashioned credit card fraud.

--
I do not fail; I succeed at finding out what does not work.
1. Re:So here we have the real motive by WrongSizeGlass · 2012-03-12 00:26 · Score: 1
  
  They averaged less than $12 per stolen card. That's not a very good 'harvest'.
2. Re:So here we have the real motive by IamTheRealMike · 2012-03-12 00:36 · Score: 5, Informative
  
  No, I think the real motivation was ideological if you read the profiles of Hammond. He used the stolen numbers to donate to charity.
  The problem is, he's an idiot who doesn't understand how credit cards work. Fraudulent charges to charities actually hurts them because they get fined when chargebacks occur. So they don't get to keep the money, they lose extra money on top, and VISA/MC have a habit of disconnecting you from the credit card system entirely if they get too many chargebacks.
  It's really tough to imagine a nastier or more stupid thing to do than use stolen credit cards with charities.
3. Re:So here we have the real motive by Anonymous Coward · 2012-03-12 00:37 · Score: 0
  
  IIRC, the fraudulent charges were mainly donations to various charities that the Anon/Lulz group felt were deserving. It was more hacktivism than theft, though it was fraud. Unfortunately for those charities, they probably incurred chargeback fees (see below) costing them real money.
4. Re:So here we have the real motive by Anonymous Coward · 2012-03-12 00:37 · Score: 0
  
  And not a cent of that pain will be felt by the consumer; only the credit card processor and Stratfor due to Visa/MC rules.
5. Re:So here we have the real motive by Man+On+Pink+Corner · 2012-03-12 00:55 · Score: 5, Interesting
  
  It's really tough to imagine a nastier or more stupid thing to do than use stolen credit cards with charities.
  Maybe that was Hammond's whole idea. By feeding bogus credit-card donations to controversial charities like the Church of Scientology, ACLU, NRA, or Freedom From Religion Foundation, you could effectively DoS them, as far as their ability to take Visa/MC is concerned.
6. Re:So here we have the real motive by Anonymous Coward · 2012-03-12 01:05 · Score: 0
  
  how would robin hood go about doing it in the digital age?
7. Re:So here we have the real motive by Anonymous Coward · 2012-03-12 01:07 · Score: 3, Insightful
  
  If you complete the circle here, it does come back to the consumer, via retailers who have to pay processing fees and price their goods accordingly.
  In the end, the consumer always pays.
8. Re:So here we have the real motive by Anonymous Coward · 2012-03-12 01:12 · Score: 2, Informative
  
  The merchants who processed the stolen cards will be the one bearing the cost. Stratfor will only be fined by the CC companies if they are found to have violated industry rules (PCI compliance, etc.)
9. Re:So here we have the real motive by biodata · 2012-03-12 01:12 · Score: 4, Interesting
  
  So, given that the Stratfor hack was an FBI operation, is it now clear that the FBI deliberately sought to harm a number of charities through this mechanism? That doesn't sound like good use of public money.
  
  --
  Korma: Good
10. Re:So here we have the real motive by Svartalf · 2012-03-12 01:21 · Score: 1
  
  Don't forget that this is the TJX breakin that this is talking about- Slashdot's munging the concepts together. TJX was purely about money by crooks from start to finish.
  
  --
  I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
11. Re:So here we have the real motive by Svartalf · 2012-03-12 01:26 · Score: 0
  
  Note to self... Never post before having your IV injection of caffene.
  Now, one wonders... How is it that Stratfor, a private intelligence gathering interest (They called it a "think-tank", it's not QUITE that sort of interest...), be having this sort of information within themselves. It should be noted that a lot of damning info came out of the breach recently that pretty much devastates the Democratic Party's existence and places the current Administration's existence at risk (Being caught out explicitly screwing with the Presidential and other election processes will do that for you...)- are we sure that this "credit card" loss isn't just a smoke screen?
  
  --
  I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
12. Re:So here we have the real motive by Anonymous Coward · 2012-03-12 01:37 · Score: 2, Interesting
  
  I am confident that the NRA is not a charity. It is a political action committee.
13. Re:So here we have the real motive by fast+turtle · 2012-03-12 01:40 · Score: 2
  
  Well I'll have to correct you about the NRA. It's not a Charity so calling it a controversial charity for a Political Action Organization is like Calling Superman a Wimp.
  AFAIK - Scientology does qualify under the screwy U.S. Rules as a charitable religious organization so I'll let that one slide and no, the purpose wasn't to DoS them. It was to cut off their funding or get them investigated, which for Scientology couldn't happen to a nicer bunch of people.
  
  --
  Mod me up/Mod me down: I wont frown as I've no crown
14. Re:So here we have the real motive by berashith · 2012-03-12 01:45 · Score: 2
  
  Given that the info is released by the organization that arranged the action ( and could therefore get some big negative publicity for it ) , I dont think I trust the number at all.
15. Re:So here we have the real motive by trum4n · 2012-03-12 02:08 · Score: 1
  
  Bitcoins, clearly.
16. Re:So here we have the real motive by L4t3r4lu5 · 2012-03-12 02:12 · Score: 2
  
  I was recently the victim of card fraud. Bank stopped the transaction, but I still had to go in to the local branch to unblock my accounts. I explained that I knew how these things worked regarding small charitable donations, asked for a statement to look for other unauthorised transactions, and found none..
  
  I don't know if there's the option to allow the charitable donations to stand and then refuse other charges; Technically it wasn't me who made the donation, yet I'd rather not cost the charity money for the sake of Â£5. It wasn't their fault.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
17. Re:So here we have the real motive by Anonymous Coward · 2012-03-12 02:25 · Score: 1
  
  It should be noted that a lot of damning info came out of the breach recently that pretty much devastates the Democratic Party's existence and places the current Administration's existence at risk (Being caught out explicitly screwing with the Presidential and other election processes will do that for you...)
  What are you talking about? I didn't get that memo.
18. Re:So here we have the real motive by sl4shd0rk · 2012-03-12 02:55 · Score: 2
  
  Plain old fashioned credit card fraud.
  No, It's spin. Anonymous looks like a douche and the public will buy the FBI story and never really hear about the real reasons behind the attack.
  Pilfering the coffers has never been a primary motive behind Anonymous. Grabbing CC data is a way of gaining proof and leveraging control over the place you cracked. For the FBI however, It's much easier to build a legal case against the crackers by spinning the attack into a monetary motive. What sounds better in the news? "We're charging xxxx with trespassing and criminal damage because they wanted to make a statement about the evils of Strator" or "We're charging xxxx with theft and $700k in credit card fraud".
  
  --
  Join the Slashcott! Feb 10 thru Feb 17!
19. Re:So here we have the real motive by Anonymous Coward · 2012-03-12 02:57 · Score: 0
  
  If the situation is as you say and the consumer always pays (which seems logical to me given it's him that injects money in the system in the first place) why do you appear surprised when that fact is confirmed ?
20. Re:So here we have the real motive by MobileTatsu-NJG · 2012-03-12 03:25 · Score: 2
  
  Well, no, they still have to respond to supply and demand. Factor in competition and... no, prices aren't going to be raised. If they could get away with it, they would have raised them anyway.
  
  --
  
  "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
21. Re:So here we have the real motive by Anonymous Coward · 2012-03-12 03:32 · Score: 0
  
  You assume the FBI is telling the truth. What if they're smearing Anonymous (again)
22. Re:So here we have the real motive by shoehornjob · 2012-03-12 03:56 · Score: 1
  
  If we know how many of those cards actually were used before they were all shut down I'll bet they got more that 12.00 per card.
  
  --
  "We are just a war away from Amerikastan. When god vs god the undoing of man." Dave Mustaine
23. Re:So here we have the real motive by tlhIngan · 2012-03-12 05:19 · Score: 2
  
  The problem is, he's an idiot who doesn't understand how credit cards work. Fraudulent charges to charities actually hurts them because they get fined when chargebacks occur. So they don't get to keep the money, they lose extra money on top, and VISA/MC have a habit of disconnecting you from the credit card system entirely if they get too many chargebacks.
  It's really tough to imagine a nastier or more stupid thing to do than use stolen credit cards with charities.
  
  I don't know if there's the option to allow the charitable donations to stand and then refuse other charges; Technically it wasn't me who made the donation, yet I'd rather not cost the charity money for the sake of ÃÂ£5. It wasn't their fault.
  Charities do get special consideration by Visa/MC - they often have very special deals where Visa/MC will NOT charge them transaction fees (lets Visa/MC "donate" the charges), nor other fees for accepting credit cards (most charities would probably wither off and die if they couldn't accept credit cards, so the credit card companies offer them this in exchange for tax receipts most likely).
  So monetarily, most charities will not be penalized. They will be penalized in that someone has to go over the chargeback paperwork and handle it, which means one less volunteer helping out and increased administration costs for the charity.
24. Re:So here we have the real motive by Savantissimo · 2012-03-12 05:23 · Score: 1
  
  Me either. Considering the lack of trouble for Bush outright stealing two presidential elections, I wouldn't hold my breath, even if whatever the GP is frothing about is actually true.
  
  --
  "Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery?" - Patrick Henry
25. Re:So here we have the real motive by Anonymous Coward · 2012-03-12 07:09 · Score: 0
  
  The NRA is above and beyond a political action organization. The arm of the NRA responsible for politicking is the NRA-ILA (institute for legislative action), and yeah, there is that part to the organization, for better or worse--no argument.
  However, the main (and bigger) branch of the NRA supports firearms education, hunting safety programs, provide a standardized curriculum and classes for becoming a firearms instructor, tuition free training for law enforcement officers, training for range safety officers, and they sponsor a variety of shooting competitions. They also fund grants of various kinds (to help build state and municipal shooting ranges, wildlife conservation, etc. etc.) and even have substantial scholarships.
  Are they a 'charity' in the sense of giving to the poor? No, not really, and they're not alone in that either. But there's a lot more to the NRA than a lot of people care to understand, beyond whatever misconceptions and prejudices people are eager to retain.
26. Re:So here we have the real motive by siberian · 2012-03-12 08:42 · Score: 1
  
  Oh is that why AdSense nailed me for $1800?
  Charity my ass. It was fraud.
The real losers by IamTheRealMike · 2012-03-12 00:24 · Score: 5, Informative

What the summary doesn't make fully clear IMHO is that the cost of this fraud is not carried by VISA or the banks, but rather passed on to merchants ... who ultimately pass the cost on to anyone who uses credit cards. That is unfortunate, because it means the organizations financially incentivized to solve fraud are the ones who can't do anything about it. The organizations who can make these things more secure don't pay the price, which may explain why credit cards are still so insecure.
1. Re:The real losers by Anonymous Coward · 2012-03-12 00:29 · Score: 4, Insightful
  
  Quite. And then the merchant is charged for a chargeback, so fraud is actually profitable for banks.
  Once again the free market has produced the best solution... for the rich guy.
2. Re:The real losers by Anonymous Coward · 2012-03-12 00:36 · Score: 2, Interesting
  
  The cost is passed on to everyone, not just credit card users
  Even in places where charging extra for credit card usage is allowed (India), many merchants still prefer Credit cards for larger amounts since showing an ID is required, reduces the documentation work for the retailer(large cash transactions have a lot of paperwork involved) and its safer for the retailer since the money cannot be stolen
  Online payments are also much more secure (though less convienient) in India as compared to US, but dont support automatic payments
  Look up Verified by Visa and 3D secure
  Safety features exist, they are just not implemented in US since the customers there dont feel threatened by fraud due to strong consumer protection laws
3. Re:The real losers by Anonymous Coward · 2012-03-12 00:45 · Score: 0
  
  "Uh," almost every contract is subject to regulations beyond the precise wording - hell, law exists to simply determine how to interpret ambiguities in human language, and these laws reflect public policy. Arguing that something is not a result of the free market because "things could be more free!" is like arguing that Phelps isn't a hilarious and insane product of religion because he "could be even more fanatical!"
  The question to ask is: has the government required the banks to make a profit when credit card fraud occurs? The answer is no, so this is a market effect rather than regulatory effect. (To give an example where the level of profit is a regulatory decision, see the method for determining billing rates by privatised water companies in England. Of course Ofwat is also the best example of regulatory capture I can think of.)
4. Re:The real losers by Anonymous Coward · 2012-03-12 01:13 · Score: 0
  
  > Once again the free market has produced the best solution... for the rich guy.
  I'm pretty sure the rich guy has produced the best solution for the rich guy here
5. Re:The real losers by Anonymous Coward · 2012-03-12 03:09 · Score: 1
  
  Unless it's different in different countries, showing an ID is NOT required and in fact prohibited by the merchant agreement. If a vendor insists to see your ID when you attempt to pay with a card, you should report it to VISA.
6. Re:The real losers by Anonymous Coward · 2012-03-12 05:05 · Score: 0
  
  It IS different in various countries
  Here VISA and MC REQUIRE ID to be shown for purchases over INR 10k ($200)
7. Re:The real losers by Wandering+Idiot · 2012-03-12 09:19 · Score: 1
  
  How would they "pass the cost on" in any competitive market, since only some companies would be affected? Wouldn't the merchants' prices already be near the maximum/optimum? It would cut into their profit margins, not raise the prices.
Charge fraud is the new armed bank robbery by VinylRecords · 2012-03-12 00:25 · Score: 5, Interesting

Credit card fraud is a huge illegal industry. It finances drug gangs and cartels, terrorists, small organized crime, major organized crime (mafia), and occasionally the rogue individual hacker. It's the new form of armed bank robbery. Instead of guns they use computers though.
Of course while $700K in fraud by a few people is nothing to ignore, it is a bit ridiculous that the FBI devotes so many resources to catching these scumbags, while virtually ignoring the guys who swindle billions of dollars through stocks, insider trading, and pyramid schemes.
1. Re:Charge fraud is the new armed bank robbery by fuzzyfuzzyfungus · 2012-03-12 00:35 · Score: 5, Interesting
  
  At least doubly ridiculous in this case because Stratfor was 0wned after the FBI had infiltrated lulzsec, by the FBI's mole, using (in part) FBI provided server space to disseminate the goods...
  
  Given lulzsec's generally loose-cannon approach, it isn't clear that the FBI had to put them up to it; but the FBI certainly did stand by and do some case building while they knowingly watched Stratfor and their customer lists burn... I'll be interested to see if that ends up being awkward for them in some way...
2. Re:Charge fraud is the new armed bank robbery by Theophany · 2012-03-12 00:37 · Score: 5, Insightful
  
  The FBI "virtually ignore" them because it's the SECs job. That's like bemoaning the LAPD because it spends no time solving homicides in NYC.
3. Re:Charge fraud is the new armed bank robbery by Dr.+Tom · 2012-03-12 00:39 · Score: 1
  
  where are my mod points when I need them ... this sounds like they're downplaying it cuz fbi was a coconspirator here
4. Re:Charge fraud is the new armed bank robbery by nedlohs · 2012-03-12 00:55 · Score: 5, Informative
  
  Not quite. The FBI also invetigate such cases - sometimes with the SEC sometimes without.
  The funny thing is they've kicked it up in the last couple of years (with about 60 convictions), but the OP is too slow to notice:
  http://www.cnbc.com/id/46623058/FBI_Expands_Crackdown_on_Insider_Trading
5. Re:Charge fraud is the new armed bank robbery by Anonymous Coward · 2012-03-12 01:14 · Score: 0
  
  No, this won't be awkward for the FBI in any way. This is standard operating procedure for them; they've been doing it for decades, and the public, to the extent they consider it at all, seems to accept officers of the law perpetrating crimes as just the price we pay for our free, orderly society.
  What's that they say about a democracy giving people the government they deserve...
6. Re:Charge fraud is the new armed bank robbery by mcgrew · 2012-03-12 01:36 · Score: 3, Informative
  
  Credit card fraud is a huge illegal industry. It finances drug gangs and cartels
  Illegal drugs are an incredibly lucrative business and don't need to be financed by credit card fraud. Do the anti-drug zealots think we're all that stupid? "Credit card fraud finances the drug trade" is just an incredibly brain-dead thing to say and even more idiotic to believe.
  
  --
  Free Martian Whores!
7. Re:Charge fraud is the new armed bank robbery by eulernet · 2012-03-12 01:43 · Score: 1
  
  Credit card fraud is a huge illegal industry. It finances drug gangs and cartels, terrorists, small organized crime, major organized crime (mafia), and occasionally the rogue individual hacker.
  Citation needed !
  I doubt drug gangs, cartels, terrorists or any large organized crime use credit card fraud, since they have tons of money in other ways (drug and prostitution for example).
  Credit card fraud is too random to be seriously useful for large groups.
  But I'm also sure that small organized crime or individuals use it, since they just need to find mules.
Restitution? by Anonymous Coward · 2012-03-12 00:25 · Score: 0

Will Stratfor pay restitution to the victims for its criminal negligence in storing customer's credit card data insecurely / without encryption?
The Spin begins by Anonymous Coward · 2012-03-12 00:46 · Score: 0

I like how they said "money lost by consumers..." but did the consumers actually have to pay it?
TFS suggests FBI estimates accuracy than VISA? by Anonymous Coward · 2012-03-12 00:51 · Score: 0

We're talking about the same FBI, yes?
The roaring 20's all over again? by thesandbender · 2012-03-12 00:55 · Score: 4, Interesting

Durring the Great Depression, gangsters and bank robbers were pop-icons and even cult hero's in the U.S because they were perceived as sticking it to "the man". This is strikingly similar, we have a group of thieves trying to cast their actions as being for the "greater good".
1. Re:The roaring 20's all over again? by Anonymous Coward · 2012-03-12 01:14 · Score: 0
  
  a group of thieves trying to cast their actions as being for the "greater good".
  Post hoc procto ergo hoc.
2. Re:The roaring 20's all over again? by Anonymous Coward · 2012-03-12 02:00 · Score: 0
  
  Thats not it at all. People root for the bad guys because quite a few of us don't believe in "the system". Many people in the so called middle and lower classes have realized that the current ruling class uses us to stay on top and is not really interested in any equality in the real sense of the word. So many people are willing to settle for being wage slaves and living "comfortably" that things remain the same. The disillusioned's only hope is radicalizing more of these folks. Why should corporations be allowed to accumulate huge piles of money while people starve in the streets? Why shouldn't Facebook give you a share in their profit, after all you gave them the data that made them rich.
  And so on and so forth. Corporations / Government use money to control people.
  This is why we like people that stick it to the man. The man is real, and many people will never realize this.
3. Re:The roaring 20's all over again? by Anonymous Coward · 2012-03-12 02:38 · Score: 0
  
  Why should corporations be allowed to accumulate huge piles of money while people starve in the streets?
  Because the only countries in which "people starve in the streets" are ones where those corporations don't even operate.
4. Re:The roaring 20's all over again? by Anonymous Coward · 2012-03-12 06:25 · Score: 0
  
  Why should corporations be allowed to accumulate huge piles of money while people starve in the streets?
  Because the only countries in which "people starve in the streets" are ones where those corporations don't even operate.
  I don't think you can find more than very few countries were no corporation operates. Even North Korea, possibly the most closed country out there, deals with big corporations.
Released by the FBI too! by Anonymous Coward · 2012-03-12 01:23 · Score: 0

These credit card numbers were released while Sabu was under the control of the FBI!
ehrm by Skal+Tura · 2012-03-12 02:02 · Score: 1

It hasn't costed Visa that much, unless it's overhead costs.
Merchants don't get to keep fraudulent payments, VISA gets that money back. So only costs VISA would accrue is on the "overhead" bracket.

--
Pulsed Media Seedboxes
And the FBI Could've Stopped It by Zamphatta · 2012-03-12 02:07 · Score: 1

It's interesting now that we know Sabu was working for the FBI. I read in several articles this past week that the FBI used Sabu to put a halt to a few hacking jobs. Since the FBI didn't put a stop to this one, shouldn't they be considered an accomplice in the Stratfor job?
1. Re:And the FBI Could've Stopped It by Anonymous Coward · 2012-03-12 02:40 · Score: 0
  
  Sabu was head of LulzSec, they had no say in the Stratfor attack, that was done by AntiSec .
Incorrect assumptions by chrb · 2012-03-12 02:18 · Score: 4, Informative

Not "leaked documents" or "liberated intelligence." Plain old fashioned credit card fraud.
You have made several possibly incorrect assumptions here:
1. That AntiSec was the only group to hack the card data
2. That AntiSec profited from this crime, either by committing the actual credit card fraud, or selling the card data to someone who did
3. That AntiSec is a monolithic group with a management structure that can command its minions to do/do not do/whatever with data they obtain therefore making the group responsible for the actions of an individual
1. Re:Incorrect assumptions by Anonymous Coward · 2012-03-12 03:19 · Score: 0
  
  4. That the FBI was, in essence, behind the breach and any data "exposed" was cleverly crafted propaganda. Well, er, maybe?
2. Re:Incorrect assumptions by gl4ss · 2012-03-12 03:23 · Score: 1
  
  you wouldn't just give the cc's away and publish what you did if your main point was to acquire cc numbers for fraud.
  why is fbi releasing this data now? to make hacktivism seem like stealing, to justify why they spent a million dollars on operation takedown lulzsec(possibly more! check out how much fbi had personnel working on the case).
  in any case.. stratfor is actually responsible for the fraud committed, they kept a data cache they didn't have authority to keep, keeping a db like that goes against all cc processors TOS. the more advanced they can try to spin the hack as having been, been done by super commie hackers from outer space, is them trying to push responsibility away from them.
  
  --
  world was created 5 seconds before this post as it is.
3. Re:Incorrect assumptions by kmcrober · 2012-03-12 06:24 · Score: 1
  
  you wouldn't just give the cc's away and publish what you did if your main point was to acquire cc numbers for fraud.
  Yes I would. I would do it for two reasons:
  First, it would let me claim that I committed the crime for altruistic reasons, which would feed my ego and let me pretend to be a hero instead of a crook. Anonymous's fans don't seem to need or want a serious moral or ethical justification for the crime; they're happy with a paper-thin pretext. It helps if you keep referring to the company you hit as "the shadow CIA!!!!!!!", and don't say anything at all about the thousands of individual customers you victimized.
  Second, by releasing the numbers publicly, it would result in a widely distributed bloom of fraudulent transactions that would make my own thieving harder to trace. I would have assumed, at least, that a global rush of hits on the stolen CC numbers would give the original hackers a lot of cover for their own fraudulent use of Stratfor's customers' cards.
  why is fbi releasing this data now? to make hacktivism seem like stealing...
  It's not "like" stealing, it is stealing. They stole CC numbers from innocent strangers, and used them to victimize charities and for-profit businesses. Releasing a mountain of innocuous emails doesn't make it "hacktivism."
  in any case.. stratfor is actually responsible for the fraud committed, they kept a data cache they didn't have authority to keep...
  No. The people who broke into the Stratfor system, stole that data, and used it to make fraudulent transactions are "responsible for the fraud committed." Because they committed the fraud. If Stratfor was violating the processors' TOS, then it's responsible for violating the TOS. It is not responsible for malicious thefts committed by anonymous strangers.
Considering what the cards were being used for... by 3seas · 2012-03-12 03:46 · Score: 1

...to pay Stratfor for intelligence crap....you really have to think "Live by the intelligence crap, die by it...."
Lots better than innocent people dying due to intelligence crap...
Albert Gonzalez by Ukab+the+Great · 2012-03-12 04:00 · Score: 2

By day, he's a mild-mannered Attorney General. By night, he becomes an uber-hacker who compromises Visa. Coolest duality ever.
Oh wait, we're missing an 'o' on the end. Never mind.
Just some FYI here by mschuyler · 2012-03-12 05:42 · Score: 1

The leak happened in early December, but Stratfor did not notify its subscribers until December 24th. They offered a "free" subscription to CSID indentity protection service which, when activated, notified you that Yup, your username, password, and credit card number were hacked, something you could verify for yourself on the web. So there was at least a two week lag where they knew of the breach, but did not tell anyone so as to not "compromise" the FBI investigation. They SAID they notified the cc companies immediately, but the fact is the cc companies did not notify subscriber or initiate any action. Subscribers, once they found out on December 24th, had to do this on their own.
The large majority of cards were not used in any way, but the email addresses were used to send spam to subscribers, including bogus messages that Friedman, CEO of Stratfor, had resigned. Petty stuff, that.
Lifelock, which purports to be an id protection service, finally got around to notifying its subscribers of a data breach in mid January with a generic notice and no corroborating information at all.
As of today Stratfor has not yet re-established its service, though they say it will be Real Soon Now.

--
How about a moderation of -1 pedantic.
Beware those who say "incentivized" ... by sgt_doom · 2012-03-12 06:12 · Score: 1

... or any of the other bankster gangsta terminology.
Of course, you should compare and contrast that to the gargantuan amounts stolen by the banksters, sonny. Try that for a change!
Average Charge $13.37? -nt by Anonymous Coward · 2012-03-12 07:37 · Score: 0

nt = no text
One-time-use cards by John+Jorsett · 2012-03-12 09:54 · Score: 1

I use Citi Mastercard for online purchases. Citi offers a "virtual account number" feature that can be used to generate a one-time-use number for a specific purchase. I've not had anyone yet attempt to use a number a second time, but if it happens they won't be successful, or so Citi claims.