Target Hackers Have More Data Than They Can Sell

itwbennett writes "The hackers who stole millions of credit card numbers from Target customers are probably 'laying low knowing that everyone is looking for them,' says Alex Holden, who runs cybercrime consultancy Hold Security. But it's also likely that they can't sell them: 'You can imagine that having a lot of stolen credit cards will not net the hackers, say $35 per card for all 40 million,' said Holden. 'Even if the hackers are willing to sell cards for $1 a card, no one will buy the stolen goods in these amounts.'"

Stupid People

You can always reduce things. They can sell a smaller subsets.

Re:Stupid People

[jeffmeden]

You can always reduce things. They can sell a smaller subsets.

This. Thefuck is this article? The guy who broke the breach also pointed out where the cards were getting sold at too. This article is a muse on a blog by a supposed "pundit" (pundit, n.: one whose insistence of credibility is the only thing greater than their ignorance).

Seeing that

[Kardos]

next to everybody's card has been stolen, is it time for everybody to get a new card? It'll make the stolen database worthless, as well as all other databases of stolen credit cards...

Probably not worth a dollar...

[jddeluxe]

My bank (Chase) has sent out new cards to anyone that had a transaction at Target during the time period they indicated of the breach, and many other banks/financial institutions have done likewise. The value of the purloined data is heading towards nil quickly.

It has arrived!

[Ol+Olsoc]

Security through Ubiquity!

Spoiler alert

[symbolset]

The data was stolen by the company that prints the replacement cards.

Re:What me worry?

[TheloniousToady]

Actually, the merchant eats it - at least that's been my experience as a merchant. The ingestion process is called a chargeback. It's one reason why credit card issuers are so glad to make refunds to consumers. Merchants live in fear of chargebacks because not only do they lose the revenue, they also have to pay a penalty.

As a merchant, you quickly figure out that it's best to accommodate any request for a refund, even if you think you're being treated unfairly. For example, I recently had a customer in another country who asked me to pay his local taxes on the sale I had just made to him. So I gave him a refund for the amount of the tax. Easy decision.

(I shouldn't be telling you folks this, it's supposed to be a dirty little secret. Don't tell anybody else.)

Re:Uh, it's not 40 million...

[DigiShaman]

Well given how successful this was on a Windows based POS system, just imagine all the restaurants, and bars that might be compromised too. I'm in agreement with what others have said; we need to go to the Chip-and-PIN system. If we are going to be replacing CC for potentially hundreds of millions of people, now is the time to make the switch. If the bank wants to charge me a few extra bucks for a fancy new card, do it. I'd rather have the peace of mind after this fiasco.

Re:Uh, it's not 40 million...

[baker_tony]

Wait, American's aren't using chip and pin yet?

Re:Uh, it's not 40 million...

[cusco]

Our banks are run by people who play "executive musical chairs". If something will save the bank a million dollars over the next ten years, but nothing for the first three years, it won't get implemented because the executives will have rotated out to another company by the time the savings could affect their quarterly bonuses. Chip and pin would cost the banks money to implement, so it won't happen until you get a set of executives who can see further than the next board meeting.