This is all sounding horribly familiar. Brian Krebs, a prominent cyber-security blogger, reported on Tuesday that Home Depot had likely been hacked based on a “massive” batch of stolen credit and debit cards appearing for sale online. Krebs, if you remember, also broke the news that Target had suffered a breach last December.
The cards in question are being sold on the same site, rescator.cc, that hawked Target’s stolen data, Krebs said, indicating that it may be the same group behind both. The names of the batches currently for sale—“American Sanctions” and “European Sanctions”—spurred Krebs to speculate that this hack is intended as retribution for penalties imposed on Russia in reaction to its actions in Ukraine. The intrusion into Home Depot may date back as far as late April, suggesting the breach could be larger than Target’s.
Home Depot confirmed that it was looking into unusual activity and would make sure customers were notified if the company identified a breach, according to Bloomberg News.
Now comes the gold rush. Daniel Ingevaldson, chief technology officer at Easy Solutions, which provides anti-fraud services to banks, says stolen cards that went up today on Rescator are commanding prices of $50 to $100 each. The website, known for its ease of use, has become the clearing house for the largest breaches, selling hundreds of thousands of cards at a time. But it’s been in and out of service, according to Ingevaldson, which may be a sign of extremely high demand for the cards. Cybercriminals want to get them while they’re fresh, before banks have defenses in place for this breach, and their enthusiasm might be overwhelming Rescator like shoppers on Black Friday. It’s also possible that rival cybercriminals are attacking the website, he says, forcing it offline to stall sales.
Although it all sounds sadly familiar, banks and companies have learned from the steady drumbeat of breach reports over the past year. The window of opportunity to profit from stolen cards has definitely compressed, Ingevaldson says, and more banks have been monitoring the black market themselves—mimicking Krebs and others—to get an earlier warning when card data has been stolen.
