[ISN] Hackers hit New York tour firm, access 110,00 bank cards

From: InfoSec News <alerts_at_private>
Date: Tue, 21 Dec 2010 00:15:49 -0600 (CST)
http://www.computerworld.com/s/article/9201822/Hackers_hit_New_York_tour_firm_access_110_00_bank_cards

By Robert McMillan
IDG News Service
December 20, 2010

Hackers have broken into the website of the New York tour company 
CitySights NY and stolen about 110,000 bank card numbers.

They broke in using a SQL Injection attack on the company's Web server, 
CitySights NY said in a Dec. 9 breach notification letter published by 
New Hampshire's attorney general. The company learned of the problem in 
late October, when, "a web programmer discovered [an] unauthorized 
script that appears to have been uploaded to the company's web server, 
which is believed to have compromised the security of the database on 
that server," the letter said.

CitySights NY believes that the SQL injection compromise occurred about 
a month earlier, on Sept. 26. In a SQL injection attack, hackers find 
ways to sneak real database commands into the server using the Web. They 
do this by adding specially crafted text into Web-based forms or search 
boxes that are used to query the back-end database.

This was one of the techniques used by Albert Gonzalez, who in March 
received the longest-ever U.S. federal sentence related to hacking the 
systems of Heartland Payment Systems, TJX and other companies.

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Mon Dec 20 2010 - 22:15:49 PST

This archive was generated by hypermail 2.2.0 : Mon Dec 20 2010 - 22:28:43 PST