Slashdot Mirror


Limo Company Hack Exposes Juicy Targets, 850k Credit Card Numbers

tsu doh nimh writes "A compromise at a U.S. company that brokers reservations for limousine and Town Car services nationwide has exposed the personal and financial information on more than 850,000 well-heeled customers, including Fortune 500 CEOs, lawmakers, and A-list celebrities. Krebsonsecurity.com writes about the break-in, which involved the theft of information on celebrities like Tom Hanks and LeBron James, as well as lawmakers such as the chairman of the U.S. House Judiciary Committee. The story also examines the potential value of this database for spies, drawing a connection between recent personalized malware attacks against Kevin Mandia, the CEO of incident response firm Mandiant. In an interview last month with Foreign Policy magazine, Mandia described receiving spear phishing attacks that spoofed receipts for recent limo rides; according to Krebs, the info for Mandia and two other Mandiant employees was in the stolen limo company database."

12 of 43 comments

  1. A-List Spear Phishing by ponraul · · Score: 2

    That's hot.

  2. Good by Anonymous Coward · · Score: 2, Funny

    Exposing the personal information of 30 million people wouldn't bother those in power. But those in power having their information hacked? Finally, we may see some protection of data--at least for those in power.

  3. Hold Them Responsible by Jane Q. Public · · Score: 3, Interesting

    When are corporations going to be held responsible for the security of their customers' information?

    If things like credit card information are stored in cleartext, the corporation doing it should be fined and the people responsible prosecuted if there is a leak. It's just gross irresponsibility, for which nobody has seemed to get punished.

    That needs to change.

    1. Re:Hold Them Responsible by andyjb · · Score: 3, Interesting

      They are responsible - if they have been deemed to be in breach of PCI compliance, they will not be granted "safe harbour" by their issuing bank / {AMEX, Visa, MC}. In a nutshell it means that they will find it more expensive to do business from now on. It does often happen however that a business will decide that being PCI compliant is more expensive than the fines...

    2. Re:Hold Them Responsible by Sarten-X · · Score: 2

      When are residents going to be held responsible for the security of their valuables?

      If things like cash and jewelry are stored behind unlocked doors, the households storing them should be fined and the people responsible for the storage prosecuted if there is a theft. It's just gross irresponsibility, for which nobody has seemed to get punished.

      That needs to change.

      I'm exaggerating a little, but this is really how the law works now. The criminal responsibility falls to the guy who thought "I'm going to violate this obvious demarcation line and grab whatever I want", rather than the guy who thinks "That barely-visible boundary should be obvious enough". The concept applies broadly, affecting harassment, copyright, theft, injury, and discrimination suits, just to name a few. While there is some consideration given to whether the victim should have taken more reasonable precaution, being careless is not a crime in itself.

      --
      You do not have a moral or legal right to do absolutely anything you want.

    3. Re:Hold Them Responsible by TheNastyInThePasty · · Score: 5, Insightful

      Having YOUR stuff stolen kind of is the fine. Your analogy doesn't work because in this case, it's not the company's information that was stolen. It was their customers'. A bank is a closer analogy but even that doesn't work. I'm pretty sure the bank will compensate you if the contents of your security box are stolen due to their poor security practices.

      With this company and the recent Adobe breach, there's no compensation for their customers who had their data stolen. The company gets to just go "Well shucks, I'm sorry guys." Meanwhile, their customers have been exposed to possible identity theft or fraud and they're the ones who have to deal with the consequences.

      A couple of years ago, my social security number was stolen from a local university that I took a summer class at. My parents then subscribed to one of those identity theft protection services. Were we ever compensated for the service fees needed to protect my identity? Nope. Would I have been compensated if someone stole my identity and destroyed my credit for life? Nope.

      That's the problem.

      --
      The best thing about UDP jokes is I don't care if you get them or not

    4. Re:Hold Them Responsible by Deadstick · · Score: 5, Funny

      I'll believe they're people when Texas executes one.

  4. St Louis in the House!!!! by turp182 · · Score: 3, Funny

    Hey, I have to take every chance I get to promote my hometown, and that's where this company is based.

    A coworker of mine knows someone that used to work for the company, it sounds like they used a custom (homebrew) encryption scheme for the passwords. This could be incorrect, the guy hasn't worked there in a couple of years.

    Anyway, we didn't win the World Series, but apparently we can give you Tom Hanks' credit card info...

    --
    BlameBillCosby.com

  5. Prostitution / Mistress Detection by arthurpaliden · · Score: 2

    Ok, now all one has to do is to find out what the most common destinations, other than their homes, were and there you have who possibly uses prostitutes or has mistresses.

  6. Re:not THAT rich by swb · · Score: 2

    "...at whatever port the owner wants.." is kind of a small list of boats.

    Just moving even a smallish yacht (75 feet or so) ocean distances is really expensive and/or really slow. Sport yachts capable of 20+ knots cruising speeds can eat double-digit quantities of fuel per hour. Moving from Miami to NYC could take days and tens of thousands of dollars in fuel and most don't have the fuel capacity for major blue ocean transits. Trawler styles use less fuel, but have cruising speeds in the single digits.

    I think even most million-dollar class yachts that are crewed aren't crewed by permanent crews but are crewed as needed when the owner wants to use them, maybe with a preferred captain and generally don't move ports but may move to alternate berthings within the general vicinity, but even then you can't just show up with a big boat and expect to find a berthing for it.

    Of course there are ocean-going ships permanently crewed, but this is a pretty small list because now you're talking really large boats that are ships with operating costs on par or exceeding large jets.

  7. Re:Limos != yachts by uncqual · · Score: 2

    Or, just fly your cars (multiple needed for backup and for security details) in your second 747. Poor folks may have to cram the cars into the cargo hold on their primary (and only) 747 -- but that's pretty low class and only trailer trash would consider it.

    --
    Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading /.

  8. 850,000 Limo Riders? by edibobb · · Score: 2

    There are sure a lot of people who ride in limousines.