Internet

Hackers selling data of 30 million payment cards used at 850 U.S. stores

Gemini determined that the point of compromise for the breach titled BIGBADABOOM-III is Wawa, the East Coast-based convenience store and gas station. The company first discovered the breach on December 10, 2019

Gemini determined that the point of compromise for the breach titled BIGBADABOOM-III is Wawa, the East Coast-based convenience store and gas station. The company first discovered the breach on December 10, 2019   | Photo Credit: Getty Images

According to cybersecurity firm Gemini Advisory, information from the Wawa hacking emerged on the Dark Web this week at the Joker’s Stash marketplace, one of the largest and most notorious dark web marketplaces for buying stolen payment card data

A data breach has hit Wawa, an East Coast-based convenience store and gas station, as hackers broke into over 850 Wawa stores and potentially exposed 30 million sets of payment records, including those from Asian countries, making it largest payment card breaches of all time.

According to cybersecurity firm Gemini Advisory, information from the Wawa hacking emerged on the Dark Web this week at the Joker’s Stash marketplace, one of the largest and most notorious dark web marketplaces for buying stolen payment card data.

Gemini determined that the point of compromise for the breach titled BIGBADABOOM-III is Wawa, the East Coast-based convenience store and gas station. The company first discovered the breach on December 10, 2019.

“Major breaches of this type often have low demand in the dark web. This may be due to the breached merchant’s public statement or to security researchers’ quick identification of the point of compromise,” said Gemini.

However, Joker’s Stash uses the media coverage of major breaches such as these to bolster their credibility as the most notorious vendor of compromised payment cards.

The full data collection includes 30 million U.S. records across more than 40 States, as well as over one million non-U.S. records from more than 100 different countries, claimed Gemini.

It is similar to Residence Depot’s 2014 breach exposing 50 million prospects’ information or to Goal’s 2013 breach exposing 40 million units of fee card information, the researchers noted.

Wawa said it was responding to reports that hacked information from its customers’ credit cards may be being sold on the dark web.

Based on Gemini’s analysis, the initial set of bases linked to “BIGBADABOOM-III” consisted of nearly 1,00,000 records.

While the majority of those records were from US banks and were linked to U.S.-based cardholders, some records also linked to cardholders from Latin America, Europe, and several Asian countries.

“Non-U.S.-based cardholders likely fell victim to this breach when travelling to the United States and transacting with Wawa gas stations during the period of exposure,” said the report.

The median price of U.S.-issued records from this breach is currently $17, with some of the international records priced as high as $210 per card.

A letter from the Editor


Dear reader,

We have been keeping you up-to-date with information on the developments in India and the world that have a bearing on our health and wellbeing, our lives and livelihoods, during these difficult times. To enable wide dissemination of news that is in public interest, we have increased the number of articles that can be read free, and extended free trial periods. However, we have a request for those who can afford to subscribe: please do. As we fight disinformation and misinformation, and keep apace with the happenings, we need to commit greater resources to news gathering operations. We promise to deliver quality journalism that stays away from vested interest and political propaganda.

Support Quality Journalism
Recommended for you
This article is closed for comments.
Please Email the Editor

Printable version | May 30, 2020 7:16:58 AM | https://www.thehindu.com/sci-tech/technology/internet/hackers-selling-data-of-30-million-payment-cards-used-at-850-us-stores/article30690236.ece

Next Story