324,000 Financial Records leaked online, who is the victim?

Pierluigi Paganini September 13, 2016

A hacker leaked a data dump containing more than 320,000 financial records apparently stolen from an Israeli payment processor.

Another data breach is in the headlines: roughly 324,000 financial records have been leaked online.

The financial data appears to have been stolen either from payment processor BlueSnap or from its customer Regpack. A hacker published a link to the archive (a file named “Bluesnap_324K_Payments.txt”) on his Twitter account @0x2Taylor.

The hacker who published the link to the stolen data claimed it belongs to BlueSnap. BlueSnap is an e-commerce solutions provider that specializes in global payment processing; it allows customers’ websites to accept payments from their clients by offering merchant facilities.

BlueSnap was founded in Israel back in 2001. Its name was originally Plimus; it was rebranded as BlueSnap when it was acquired in 2011.

Regpack is a company that provides online event registration solutions; it has been using BlueSnap’s payment platform since 2013.

The records include names, email addresses, IP addresses, physical addresses, phone numbers, invoices, the last four digits of credit card numbers, and even CVV codes.

Be careful: even if full card data was not disclosed, the leaked CVVs and other information can be used by crooks to conduct card-not-present transactions.

At the time I was writing, both BlueSnap and Regpack denied having been a victim of a data breach.

The news was shared by the popular cyber security expert Troy Hunt, who analyzed the leaked records and verified their authenticity.

Hunt highlighted the presence of invoices related to a Jewish company, another circumstance that suggests the involvement of one of the mentioned companies.

“Now it’s possible that the data has come from another unnamed party, but it’s highly unlikely. Not only could I not pick a pattern in the data suggesting it was sourced from elsewhere, but the CVVs just shouldn’t have been there,” Hunt wrote in a blog post. “We’ve got 899 totally separate consumers of the Regpack service (so it’s not from one of them) who send their data direct to Regpack who pass payment data onto BlueSnap for processing. Unless I’m missing a fundamental piece of the workflow (and I’m certainly open to suggestions on what this might be), it looks like accountability almost certainly lies with one of these two parties.”

Hunt contacted both companies for comment; both denied any incident after forensic investigations.

If you want to check whether your data is included in the dump, visit the breach notification service managed by Hunt, the popular https://haveibeenpwned.com/.

Pierluigi Paganini

(Security Affairs –  Financial Records, Data Breach)
