A hacker, going by the name of Reckz0r posted a supposed sample of data purportedly stolen from financial institutions. In the tweet which originally announced the data dump, Reckz0r (why can’t they just be called Dave or something?) initially claimed to have “hacked Visa & Mastercard” although this claim was later revised to read:
“Actually, I didn’t hacked VISA & Mastercard, I hacked the banks, #Chase..etc”
The data posted does not include credit card numbers, security codes or expiry dates, in fact no credit card information at all, but does include names, addresses, telephone numbers and email addresses. The hacker, somewhat bizarrely claims to to have redacted the card details “for security measures“.
Other than the censored and supposedly abbreviated list of personal details on pastebin, Reckz0r has offered no further proof of his misdeeds although he claims that the full amount of stolen data is “about 50GB or bigger” and has been culled from attacks on “over 79 large banks” (why wouldn’t you say “80”, or “over 80”?)
Call me a cynic, but when the supposed attacker seems unsure of exactly how much data he has or the exact number of financial institutions targeted, the claims begin to look a little shaky, we have seen enough bogus data dumps over time to know that everything is not always what it seems.
Whatever the truth of the matter, hacktivism, data dumps and attacks “for the lulz” have succeeded in creating such a febrile online atmosphere that claims of this nature must be taken seriously until proven otherwise. According to Dutch newspaper reports, Visa are already investigating these claims while Mastercard could not be reached for comment. If the claims do turn out to be true, it will be yet another example of ineffective, or indeed non-existent encryption of highly valuable personal and financial data.
In the meantime folks, keep an eye on those bank statements!