If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Ars Technica)   Turns out Target and Neiman Marcus weren't the only retailers who gave up your financial information to hackers. They were just the only two that thought enough to tell you   (arstechnica.com) divider line 105
    More: Followup, Neiman Marcus, Target, hacking tool, plain text  
•       •       •

13711 clicks; posted to Main » on 14 Jan 2014 at 1:47 PM (40 weeks ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



105 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

First | « | 1 | 2 | 3 | » | Last | Show all
 
2014-01-14 12:12:02 PM  
Isn't there a certain number of persons data lost that it is required by law to notify the public, or is that only with compromised health information?
 
2014-01-14 12:28:33 PM  
ASo, Wool*Mort, then?
 
2014-01-14 01:15:10 PM  
Jokes on you, hackers! I have no money for you to steal! In your FACE!
 
2014-01-14 01:40:02 PM  
I got an e-mail from Target saying that I might me one of the many that had their info stolen.  They are offering a year of free credit monitoring through Experian.  So I went and signed up for the coverage.  But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.
 
2014-01-14 01:41:25 PM  
I only pay for things in gold press latinum. It's heavier to carry around but I don't have to worry about this sort of thing.
 
2014-01-14 01:49:32 PM  
And the others were.......
 
2014-01-14 01:49:32 PM  
I just got off the phone with Wellsfargo. I've got fraudulent charges. One of them is for Christian Mingle via Paypal or some shiat:

WTF is this:

CHKCARDPAYPAL *CHRSTIANMGL 4029357733 UT
 
2014-01-14 01:50:35 PM  

Three Crooked Squirrels: I got an e-mail from Target saying that I might me one of the many that had their info stolen.  They are offering a year of free credit monitoring through Experian.  So I went and signed up for the coverage.  But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.


images3.wikia.nocookie.net

/sorry I couldn't resist
//going to hell
///slashies!
 
2014-01-14 01:51:31 PM  

Phony_Soldier: I just got off the phone with Wellsfargo. I've got fraudulent charges. One of them is for Christian Mingle via Paypal or some shiat:

WTF is this:

CHKCARDPAYPAL *CHRSTIANMGL 4029357733 UT


Apparently some Christian decided the Jesusy thing to do was to steal someone's credit card information in order to find the love of his fraudster life.
 
2014-01-14 01:51:52 PM  
Thanks?
 
2014-01-14 01:54:57 PM  

DarkSoulNoHope: Phony_Soldier: I just got off the phone with Wellsfargo. I've got fraudulent charges. One of them is for Christian Mingle via Paypal or some shiat:

WTF is this:

CHKCARDPAYPAL *CHRSTIANMGL 4029357733 UT

Apparently some Christian decided the Jesusy thing to do was to steal someone's credit card information in order to find the love of his fraudster life.


Or god hates me and is trying to hook me up with ANOTHER fat chick.
 
2014-01-14 01:55:03 PM  
obvious tag was sleeping?
 
2014-01-14 01:55:31 PM  
The federal government spends a lot of money to physically MAKE money.
We might as well go back to using it more often, in my opinion.

Cash for groceries, cash for gasoline, cash for purchases under $500 (or whatever you feel safe carrying from the bank teller to the point of sale), cash in restaurants.

Somebody makes money off of cashless transactions. My bet is that if consumers rebelled and suddenly started using more cash, security measures would improve.
 
2014-01-14 01:58:04 PM  
Also:
Think of how many companies that have been hacked / had their data stolen (either back hackers or employees) and don't even KNOW it.
 
2014-01-14 01:59:39 PM  

Huck And Molly Ziegler: Cash for groceries, cash for gasoline, cash for purchases under $500 (or whatever you feel safe carrying from the bank teller to the point of sale), cash in restaurants


It did a ton of good for me when I had to buckle down and get my financial shiat together.  Actually HANDING a merchant something physical make you less likely to spend the cash.
 
2014-01-14 01:59:55 PM  

dletter: Isn't there a certain number of persons data lost that it is required by law to notify the public, or is that only with compromised health information?


I think it's actually your bank's responsibility to notify you, Target is required to notify the banks (since they wouldn't necessarily have your contact info).

When I got the notification from my bank, it didn't say WHERE my information was compromised, just that it was, so you could just assume it was lost at Target, when it was really somewhere else.
 
2014-01-14 02:00:04 PM  
Uplink was a fun game.
 
2014-01-14 02:00:18 PM  

Three Crooked Squirrels: I got an e-mail from Target saying that I might me one of the many that had their info stolen.  They are offering a year of free credit monitoring through Experian.  So I went and signed up for the coverage.  But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.


you might be ok:
https://corporate.target.com/discover/article/free-credit-monitoring -a nd-identity-theft-protecti
 
2014-01-14 02:00:40 PM  
Magnetic cards are a huge joke, it's not 1980 anymore. If the general public, banks, and retailers were really concerned about individual transaction security they would use encrypted hash and salt algorithms at the point of sale.
 
2014-01-14 02:05:43 PM  
I only shop at stores that enter each transaction into a giant ledger with a quill pen. I should be OK.
 
2014-01-14 02:05:43 PM  

dletter: Isn't there a certain number of persons data lost that it is required by law to notify the public, or is that only with compromised health information?


It really bothered me when I discoeverd that number is 40,000. Anything less and they don't HAVE to inform anyone.
 
rpm
2014-01-14 02:06:51 PM  

pippi longstocking: Magnetic cards are a huge joke, it's not 1980 anymore. If the general public, banks, and retailers were really concerned about individual transaction security they would use encrypted hash and salt algorithms at the point of sale.


They do (granted, a weak crypto), but they found malware that takes it out of RAM before encryption on some of the POS machines.
 
2014-01-14 02:08:34 PM  

pippi longstocking: Magnetic cards are a huge joke, it's not 1980 anymore. If the general public, banks, and retailers were really concerned about individual transaction security they would use encrypted hash and salt algorithms at the point of sale.


Salt algorithms?  Hell yeah, I'm golden for that then.

<----- works at a salt mine
 
2014-01-14 02:10:48 PM  

ChrisDe: And the others were.......


not mentioned in the farkin' article.  That's some weak-ass shiat.
 
2014-01-14 02:11:31 PM  

dletter: Isn't there a certain number of persons data lost that it is required by law to notify the public, or is that only with compromised health information?


If the company has a physical presence in CA and the victim resides in CA then SB 1386 will require that the company notify the victim in writing about their data being compromised. This also assumes a couple of other things, that CC /and/ PIN were compromised, SSN, CA DL or ID # were compromised or some combination of the above occurred.

pippi longstocking: encrypted hash



What is an encrypted hash? I think you might have meant cryptographic hash (or just hash).

Also things like this make me wonder why in the world the US market didn't back the use of smart chips on cards, it would have really helped keep this kind of crap down. Maybe Visa/MasterCard/Discover/Amex will finally move to that in the US?
 
2014-01-14 02:11:43 PM  
It really is time for these US retailers to step out of the 1980's and provide some cards with a secured chip in them. Magnetic strips are just begging for trouble.
 
2014-01-14 02:13:02 PM  
As I said to a co-worker a couple of weeks back:  I'm waiting for the Walmart shoe to drop.  I kinda expect they wouldn't say anything if they didn't have to, they'd keep it quiet to try to kill the competition.
 
2014-01-14 02:14:30 PM  

Phony_Soldier: I just got off the phone with Wellsfargo. I've got fraudulent charges. One of them is for Christian Mingle via Paypal or some shiat:

WTF is this:

CHKCARDPAYPAL *CHRSTIANMGL 4029357733 UT


Biggest tipoff that your card got hacked is when you first start to see a dollar amount made out to some bullsh*t charity like "Permanently Disabled Jockeys" (yes, I kid you not). That's the hacker testing the card in a  tiny, unnoticable way and if it comes back to them as usable, then you're gonna start finding out that you gave everyone in Nigeria a free PS4 and recharged the phones for everyone in Egypt.
 
2014-01-14 02:15:16 PM  
Here is the actual email that Target sent to offer credit monitoring services. The garbled headers and third party domain speak for themselves. Of course getting hacked was some kind of crazy fluke.

i.imgur.com
 
2014-01-14 02:18:32 PM  

Huck And Molly Ziegler: The federal government spends a lot of money to physically MAKE money.
We might as well go back to using it more often, in my opinion.

Cash for groceries, cash for gasoline, cash for purchases under $500 (or whatever you feel safe carrying from the bank teller to the point of sale), cash in restaurants.

Somebody makes money off of cashless transactions. My bet is that if consumers rebelled and suddenly started using more cash, security measures would improve.


I *had* been doing that, partly as a way to keep track of my own spending.  Cash or check; too easy to lose receipts on the debit card.  I have a no annual fee CC locked up for dire emergencies or international trips.

I finally broke and got a new debit card *right* around the time this all went down.  Told myself I'd still take out cash, but I've already broke a few times and used it.  It's too goddamn easy.

Still... when I want to Target yesterday I ended up spending all of my cash but a few singles and change.  Probably safer there then anywhere else at this point (probably), but could *not* bring myself to run it.  And now I have to run to the bank tonight.  Whee.

/at least mine's open til 7
//yay credit unions
 
2014-01-14 02:18:35 PM  
I can understand Needless Markup being hacked, go after the bigger fish.
 
rpm
2014-01-14 02:20:53 PM  

reductive: Here is the actual email that Target sent to offer credit monitoring services. The garbled headers and third party domain speak for themselves. Of course getting hacked was some kind of crazy fluke.

[i.imgur.com image 850x515]


I've seen major banks do the same with e-mail, it's not limited to merchants.
 
2014-01-14 02:20:57 PM  
Target shouldn't have my email address!

Though I haven't used any credit cards at a 'merican Target either.

Home Depot keeps asking if I want my receipt e-mailed to me.  NO!  You're not monitoring what I'm buying.  Go away!

I also don't have any of those there 'rewards' program cards.

I'm avoiding their prying eyes on what I buy.

Why yes, I'm going to stay naive so long as it suits my purposes.
 
2014-01-14 02:23:01 PM  
There are a few credit cards that are smart cards, and they work great, but...magnetic storage is only 126 years old, slow down you youngsters.
 
2014-01-14 02:23:16 PM  
CSB Time!

Just to give people some advice, use an extra layer of protection like having a Paypal debit card instead of your own bank's debit card.

When my card got hacked somehow (I suspect it was that time I bought a game from Steam), I started seeing that Permanently Disabled Jockeys sh*t and followed by more charges with each one growing larger than the last.

Luckily I was online and got an email alert (PP will send an email every time you make a purchase) that showed all these weird purchases. I called up PP and even though they couldn't do anything about it until it was charged and sent to my bank account, it did buy me some time to (A) have these charges flagged by PP so that they can refund the stolen amounts to me, and (b) the bank was cool to waive fees and  let me make any stop payments on these particular amounts coming in from Paypal since they know they were fraudulent.  During that lag I just used cash only and waited about a week for my whole new card with new number to arrive in the mail.

The only charge that the vendor tried to hold onto like a pit bull was some phone recharge vendor in Egypt. This vendor was well-known by Paypal as a jerkface so they didn't take much time to render the dispute in my favor. I sent the asshole an email thru an anonymous email generator to do a Nelson "HA HAAAAA!" at him.
 
2014-01-14 02:25:55 PM  

TV's Vinnie: It really is time for these US retailers to step out of the 1980's and provide some cards with a secured chip in them. Magnetic strips are just begging for trouble.


VISA is mandating EMV in the US in 2015
 
2014-01-14 02:27:04 PM  
So that $250 cookie recipe charge from Neiman Marcus was fake?!?
 
2014-01-14 02:27:11 PM  

jonny_q: Three Crooked Squirrels: I got an e-mail from Target saying that I might me one of the many that had their info stolen.  They are offering a year of free credit monitoring through Experian.  So I went and signed up for the coverage.  But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.

you might be ok:
https://corporate.target.com/discover/article/free-credit-monitoring -a nd-identity-theft-protecti


I actually didn't use the link in the e-mail.  I backed out and accessed the offer directly from Target's website, so I was pretty sure I was OK.  But when I originally got the e-mail, I was thinking that it would be a pretty good way to dupe people into giving up more sensitive information if any nefarious individuals wanted to do so.
 
2014-01-14 02:28:45 PM  
Identify theft is the only reason I'm glad I'm broke, have horrible credit, and I'm a multiple felon. I don't even want my identity, pretty sure no one else does either ;/
 
2014-01-14 02:28:47 PM  

TV's Vinnie: Just to give people some advice, use an extra layer of protection like having a Paypal debit card instead of your own bank's debit card.


Um, your security and financial safety advice includes using paypal?  They are horrible in both areas.  Are you just...trolling or something?
 
2014-01-14 02:29:56 PM  
Why do I get the feeling we're only just yet seeing the tip of this turdberg?
 
2014-01-14 02:30:02 PM  

cannotsuggestaname: Also things like this make me wonder why in the world the US market didn't back the use of smart chips on cards, it would have really helped keep this kind of crap down. Maybe Visa/MasterCard/Discover/Amex will finally move to that in the US?


Blame the merchants -- they're the ones that don't want to spend the money to upgrade their equipment so they could accept chip cards.

But after this mess, you'd think Target and other merchants would just make the charge to try and rebuild consumer confidence in credit card security.
 
2014-01-14 02:32:40 PM  

Huck And Molly Ziegler: The federal government spends a lot of money to physically MAKE money.
We might as well go back to using it more often, in my opinion.

Cash for groceries, cash for gasoline, cash for purchases under $500 (or whatever you feel safe carrying from the bank teller to the point of sale), cash in restaurants.


ATM fees are too much of a hassle.
 
2014-01-14 02:32:44 PM  

I_Am_Weasel: Target shouldn't have my email address!

Though I haven't used any credit cards at a 'merican Target either.

Home Depot keeps asking if I want my receipt e-mailed to me.  NO!  You're not monitoring what I'm buying.  Go away!

I also don't have any of those there 'rewards' program cards.

I'm avoiding their prying eyes on what I buy.

Why yes, I'm going to stay naive so long as it suits my purposes.



Credit cards have your info too
 
2014-01-14 02:32:45 PM  

Three Crooked Squirrels: I got an e-mail from Target saying that I might me one of the many that had their info stolen.  They are offering a year of free credit monitoring through Experian.  So I went and signed up for the coverage.  But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.


It's funny, and a little scary, just how some sophisticated some of those fake e-mails are getting. My parents are continually asking me if one's real or not.

One trick my not-terribly-computer-literate ass has learned is to check the hyperlinks in all of these things. I'll search them through Google, if I need to. Generally, though, if the hyperlink has a .ru anywhere in the address, instant delete. If it's a bunch of number salad that a search doesn't return any satisfactory results, instant delete.
 
2014-01-14 02:34:00 PM  

Clutch2013: Three Crooked Squirrels: I got an e-mail from Target saying that I might me one of the many that had their info stolen.  They are offering a year of free credit monitoring through Experian.  So I went and signed up for the coverage.  But now I have the sinking feeling that the e-mail I received was some kind of scam and I've just been duped into a whole new fraud.

It's funny, and a little scary, just how some sophisticated some of those fake e-mails are getting. My parents are continually asking me if one's real or not.

One trick my not-terribly-computer-literate ass has learned is to check the hyperlinks in all of these things. I'll search them through Google, if I need to. Generally, though, if the hyperlink has a .ru anywhere in the address, instant delete. If it's a bunch of number salad that a search doesn't return any satisfactory results, instant delete.


Anything offering or asking me to sign up for anything I haven't requested = instant delete. I do this with snail mail too, using the shredder. Don't even open the damn things.
 
2014-01-14 02:40:43 PM  

TV's Vinnie: Just to give people some advice, use an extra layer of protection like having a Paypal debit card instead credit card instead of your own bank's debit card.


Corrected.

When your debit card number gets stolen that can jack up your bank account for a few days, which can become really problematic if you've written checks from it, auto pay bills via ACH, etc.

When it's your credit card, your bank account is never affected.
 
2014-01-14 02:41:29 PM  

fireclown: Huck And Molly Ziegler: Cash for groceries, cash for gasoline, cash for purchases under $500 (or whatever you feel safe carrying from the bank teller to the point of sale), cash in restaurants

It did a ton of good for me when I had to buckle down and get my financial shiat together.  Actually HANDING a merchant something physical make you less likely to spend the cash.


I'm the opposite. Cash has already been mentally deducted from my checking account so I spend more with cash.

Plus I put EVERYTHING on a rewards card that gives me free mileage. Usually earn 4-5 flights a year for free.
 
2014-01-14 02:43:02 PM  
 
2014-01-14 02:43:17 PM  

TV's Vinnie: CSB Time!

Just to give people some advice, use an extra layer of protection like having a Paypal debit card instead of your own bank's debit card.

When my card got hacked somehow (I suspect it was that time I bought a game from Steam), I started seeing that Permanently Disabled Jockeys sh*t and followed by more charges with each one growing larger than the last.

Luckily I was online and got an email alert (PP will send an email every time you make a purchase) that showed all these weird purchases. I called up PP and even though they couldn't do anything about it until it was charged and sent to my bank account, it did buy me some time to (A) have these charges flagged by PP so that they can refund the stolen amounts to me, and (b) the bank was cool to waive fees and  let me make any stop payments on these particular amounts coming in from Paypal since they know they were fraudulent.  During that lag I just used cash only and waited about a week for my whole new card with new number to arrive in the mail.

The only charge that the vendor tried to hold onto like a pit bull was some phone recharge vendor in Egypt. This vendor was well-known by Paypal as a jerkface so they didn't take much time to render the dispute in my favor. I sent the asshole an email thru an anonymous email generator to do a Nelson "HA HAAAAA!" at him.


You're telling people to use paypal and you think that you're credit card was compromised because of usage on steam?
www.quickmeme.com
 
Displayed 50 of 105 comments

First | « | 1 | 2 | 3 | » | Last | Show all

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »






Report