Posted on January 31, 2020 at 2:50 PM
Security experts at Gemini Advisory reported that hackers stole Wawa’s payment card data and uploaded them at the marketplace at Joker’s Stack. According to the experts, the card data contains the details of the cardholder, including their names, card number, and expiry dates.
Although most of those records were from US-based cardholders and U.S banks, some of the records contain details of cardholders from Europe, Latin America, and several Asian countries, according to Gemini Advisory.
The security experts opined that the non-US-based cardholders were likely victims of the hack when they traveled to the U.S. and used Wawa services during their visit there. At the selling site, the hackers have put the average price of these records to $17, while the cost of the non-US-based record is higher at $210 per card.
The hackers put up the payment cards for sale on Monday, as more than 30 million U.S-based accounts and over 1 million foreign-based accounts were hacked. Based on this outrageous number, it is one of the largest card frauds on the internet. Unsurprisingly, the card is offered for sale at the largest online card fraud forum.
The hackers put up the sale of the cards with the name “BIGBADABOOM-III.”
Barely a month ago, Wawa revealed that its network had suffered a major security breach. Then the company disclosed that the hackers installed malware at its POS systems. Wawa said that the hackers succeeded in collecting card details of customers that used debit or credit cards to buy goods at their gas station of convenience stores. Wawa revealed further that the hackers were able to infiltrate its entire 860 convenience retail stores. Out of this number, 600 of them also function as gas stations.
The company stated that the malware was operational from March till December last year when it was detected and deleted from Wawa’s system. During this period, the malware had been gathering vital information about customers and their account details whenever they use their card for purchases on Wawa’s POS terminal.
The extended 9 months infection period was enough for the actors to gather a massive amount of information about customer cards.
Breach in comparison with the biggest card data breaches
Sine this breach may have affected more than 30 million sets of payment records and over 850 stores, it stands as one of the biggest payment card breaches of all time, said Gemini Advisory.
According to the security experts, it can be compared to the2013 Target breach that exposed about 40million payment cards or the 2014 Home Depot’s breach which exposed 50 million customers ‘data.
Gemini Advisory made a statement regarding the breach, as it stated that Wawa was recently aware that customers’ data are now being offered for sale online. Wawa did not deny or contest the findings of Gemini Advisory, as the company agreed that the cards being offered at the Joker’s Stash card dump were from its servers.
Wawa to improve fraud monitoring systems
Wawa revealed that it had alerted card issuers, payment card brands, as well as payment card processors to improve on its fraud monitoring activities, which will help to protect any customer data. The company also stated that it is still investigating the hack with law enforcement agencies. Wawa promised that it would let the public know of any development about the investigation.
Only payment card information hacked
Wawa also stated that the hackers were able to breach payment card information. It further said that no CVV2 numbers, debit card pin, or other personal identification data were involved. But a sample of one of the Wawa card dump showed that the leaked information did contain CVV2 numbers of the credits cards, which is contrary to Wawa’s claims.
Joker’s Stash is known for providing a portal where hackers can offer hacked information or data for sale. However, the platform only offers these data for sale only after the affected company has announced a breach. Joker’s Stash always waits for the public announcement of the breach before offering the stolen information for sale. The firm does this to strengthen its claims as to the largest seller of compromised cards.
The sale of these card information follows a familiar pattern with other hackers. After the successful hacking attempt, the hacker sells to other criminals who use the cardholder’s information to perpetrate more crimes.