• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Wing FTP Server flaw actively exploited shortly after technical details were made public

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53

 | 

Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

McDonald’s job app exposes data of 64 Million applicants

 | 

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

 | 

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

 | 

UK NCA arrested four people over M&S, Co-op cyberattacks

 | 

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

 | 

Qantas data breach impacted 5.7 million individuals

 | 

DoNot APT is expanding scope targeting European foreign ministries

 | 

Nippon Steel Solutions suffered a data breach following a zero-day attack

 | 

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

 | 

Hackers weaponize Shellter red teaming tool to spread infostealers

 | 

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 

Taiwan flags security risks in popular Chinese apps after official probe

 | 

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Cyber Crime
  • Target Hackers Hit Third Parking Service

Target Hackers Hit Third Parking Service

Pierluigi Paganini February 03, 2015

Criminal crew behind Target and Home Depot data breaches is now targeting online parking reservation services, Book2park is the third victim since December.

The hacking crew hackers behind the data breaches of the retail chain Target and Home Depot are now threatening parking lots according to the recent report published by the popular investigator Brian Krebs.

“Last week, a new batch of credit card numbers [dubbed “Denarius“] went up for sale on Rescator[dot]cm, the cybercrime bazaar that earned infamy by selling tens of millions of cards stolen from Target and Home Depot. Multiple banks contacted by this author acquired a handful of cards from this new batch, and each of those financial institutions found the same pattern: All of the cards they bought had been issued to customers who recently made airport parking reservations at Book2Park.com.” wrote Brian Krebs.

The last victim of the criminal organization is Book2Park.com, an online parking reservation service for airports across the United States. The company is the third online parking service that was hacked by the gang since December 2014.  A new batch of credit card numbers was offered for sale on the popular black market Rescator[dot]cm that is specialized in the commercialization of cards stolen data, the new cards are being sold for up to $18 on the site

Rescator[dot]cm is the same website used by the criminal crew to offer credit cards from many the data of Target and Home Depot, that caused the exposure of more than 100 million cards.

Banks have bought some of the stolen cards for investigative purposes and told Brian Krebs each was used to make reservations with Book2Park.

The Book2park CEO Anna Infante confirmed that experts hired by Book2Park have discovered a malware infected its servers, but she was unaware of the data breach.

“We already took action on this, and we are totally on it,” Infante told to Krebs. “We are taking all further steps in protecting our customers and reporting this to the proper authorities.”

Brian Krebs speculates that the same gang is behind the hack of Park ‘N Fly and OneStopParking.com occurred in December 2014.

“The card accounts stolen from OneStopParking and Park ‘N Fly sold for prices between $6 and $13, but the cards taken from Book2Park’s site mostly fetch prices ranging from $12 to $18. This may be because most of the cards were issued by European banks, which tend to sell for more (at least on Rescator’s site).” continues Krebs.

Krebs explained that card data stolen by hackers are sold in the underground in form of dumps of data, which include “CVVs”, to use for online transactions or encoded onto new plastic and used to buy stolen goods in physical stores.

“However, most online carding shops that sell stolen card data in underground stores market both types of cards, known in thief-speak as “dumps” and “CVVs,” respectively.”

Recently Trustwave published an interesting report on the point-of-sale malware, the principal tool used by criminal gangs to steal credit card data. The experts at Trustwave have examined a large amount of malware that targets point-of-sale devices, this family of malicious code is specifically designed to steal the sensitive information stored in the magnetic stripe of a payment card.

point-of-sale

Unfortunately, this kind of crimes is increasing as confirmed by various reports.

Coming back to Book2Park case, Krebs explained that it is unclear why these criminal crew are targeting online parking reservation systems considering that there is no direct connection between the three services hacked by the gang.

Stay Tuned …

Pierluigi Paganini

(Security Affairs – stolen card data, cybercrime)


facebook linkedin twitter

Book2Park Cybercrime dumps Home Depot parking lots point-of-sale malware POS smart card Target underground

you might also like

Pierluigi Paganini July 11, 2025
Athlete or Hacker? Russian basketball player accused in U.S. ransomware case
Read more
Pierluigi Paganini July 10, 2025
UK NCA arrested four people over M&S, Co-op cyberattacks
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Wing FTP Server flaw actively exploited shortly after technical details were made public

    Hacking / July 13, 2025

    SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53

    Breaking News / July 13, 2025

    Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION

    Breaking News / July 13, 2025

    McDonald’s job app exposes data of 64 Million applicants

    Hacking / July 12, 2025

    Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

    Cyber Crime / July 11, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT