The heart of tech

This article was published on August 15, 2012


    Hackers steal 500,000 credit card details from Australian business, damage expected to top $25m

    Hackers steal 500,000 credit card details from Australian business, damage expected to top $25m
    Jon Russell
    Story by

    Jon Russell

    Jon Russell was Asia Editor for The Next Web from 2011 to 2014. Originally from the UK, he lives in Bangkok, Thailand. You can find him on T Jon Russell was Asia Editor for The Next Web from 2011 to 2014. Originally from the UK, he lives in Bangkok, Thailand. You can find him on Twitter, Angel List, LinkedIn.

    Hackers have grabbed the details of an estimated 500,000 credit cards in Australia after hacking into the poorly secured database of an unnamed business in what police have labelled a “disaster waiting to happen”.

    The attacked could result in up to $25 million worth of fraudulent transactions, Detective Superintendent Brad Marden told SC Magazine, and it is believed that the perpetrators are part of a active Eastern European criminal syndicate. The group has previous and is said to be responsible for a 2011 attack on a Subway chain last year that affected 80,000 customers. This time the effects are considerably wider.

    The group is said to have taken advantage of a basic security set-up that the retailer was using to hold its data. Marden explained that “the network was set up by some local suppliers who didn’t understand IT security.”

    SC outlines exactly how the hackers got their hands on the customers’ information:

    The syndicate captured credit card details using keyloggers installed within Point of Sale (POS) terminals and siphoned the data through an insecure open Microsoft’s Remote Desktop Protocol (RDP) connection.

    Police say they are closing in on the gang in relation to its latest activity but, for now, Australian banks are on “high alert” in expectation that the card details will be sold off to third parties and other criminal elements.

    The incident comes less than a month after Korea’s KT Telecom revealed that hackers had grabbed data from some 8.7 million customers. The operator revealed that the details were sold on to telemarketing firms during a five-month long campaign.

    Image via Flickr / DeclanTM