500K Credit Card Numbers Stolen in Australian Hack

CommanderFrank

Half a million credit card numbers have been hacked from a point-of-sale system in Australia by what is thought to be the same group responsible for the theft of 1.5 million credit card account numbers from Subway restaurants in the US.

In both cases, the syndicate captured credit card details using keyloggers installed within Point of Sale (POS) terminals and siphoned the data through an insecure, open Microsoft Remote Desktop Protocol (RDP) connection.
 
Despite the potential for millions of dollars of fraud to result from the theft, Det. Sup. Marden said the attack was neither complex, nor large compared to other data breaches around the world.

“It’s not massive in the larger scheme of things,” he said. “By far the majority of the work that we’re involved in doesn’t involve uber-technical hackers; they are buying exploit kits and doing SQL Injection all as a result of [a victim’s] poor coding practices.”

Default RDP, default passwords.

Fail
 
Default RDP, default passwords.

Fail

Fail on your interpretation.

Nowhere did it say they used default passwords (there actually is no such thing anyway).

Besides, the password was irrelevant as they probably took advantage of an RDP vulnerability that existed before the latest OS patches.
 
You can do a string search for "password" on the article (Ctrl-F):

"Its network was protected with default passwords and carried both benign and unsecured transactional data. The company had left RDP activated so it could monitor stocks."

If RDP = remote desktop protocol then yeah... epic fail?
 