A large stash of data was hacked recently, exposing the personal and financial information on more than 850,000 Fortune 500 CEOs, lawmakers and A-list celebrities.
Reported by Brian Krebs to have been found on the same servers as the Adobe source code, the file “CorporateCarOnline” the plain text archive apparently contained 850,000 credit card numbers, expiry dates and associated names and addresses, with more than one-quarter (241,000) including high or no-limit American Express accounts.
Those names included basketball star LeBron James, NFL quarterback Aaron Rodgers, actor Tom Hanks and businessman Donald Trump. Krebs pointed out that such information would be extremely useful in the hands of nation-state level attackers or for would-be corporate spies or for those engaged in other types of espionage.
In terms of how it was released, points were made to a vulnerability in its implementation of ColdFusion that has become a favourite target of the attackers thought to be responsible for this and other aforementioned breaches of late.
The Missouri company in question seemed unwilling to talk about the incident. Fred Touchette, senior security analyst at AppRiver, said: “This is a major haul for the bad guys. You would really think that people have heard enough of these stories to stop thinking that this could never happen to them. Years of high-profile, high-valued data kept in plain text on a server for anyone to come and get.
“To add insult to injury, this wasn’t just names and credit card numbers either, this was a wealth of information that could allow attackers the ability to create highly customised attacks, spear phishing or direct malware deliveries with a very convincing front. Businesses can’t afford to allow security to be an afterthought any longer, it needs to be built in, because discovering that you should have had it after the fact will cost much more in the end.”
