- Payment card details of millions of people leaked online
- 30 million US customers and 1 million+ non-US consumers at risk of fraud
- Details uploaded on dark web’s Joker’s Stash after disclosure of Wawa store breach
- 850 Wawa stores in US were hit by malware at their POS, last year
- Priced at $17 to $210 per card, the dump is one of the largest in terms of payment data breach
Payment Cards are meant for convenience of payment, not for convenience of theft.
If you live in the US or have visited US in the last year, this news is for you.
You need to remember if you had ever made a purchase at a Wawa store or gas station.
And if you had, you better check your bank statement for any suspicious activity and change your security details immediately.
There has been a major breach of payment card details, which will probably go down as one of the worst data breaches in history.
What is the big payment breach?
An online market called Joker’s Stash that specializes in selling stolen payment card data has dumped a thousand, no, a million, no 30 million+ payment card details and are selling them at 17 bucks a pop.
Before we get into the story of how it came to this, you should know that around 30 million exposed customers are from the U.S. and more than 1 million hail from hundreds of different countries worldwide.
The illegal sale of card details was announced to be held on January 27 and was being called the BIGBADABOOM-III. See the image below for how the marketplace Joker was announcing the huge unlawful event.
What led to the Wawa breach BIGBADABOOM-III?
In March last year, the Wawa stores were impacted by a malware that was installed on its Point Of Sale systems, which led to hackers stealing direct information about the cards that were being used to make a purchase.
For those who don’t know, the Wawa stores is a convenience store chain on the East Coast of the United States.
Around 860 stores that Wawa operates from, some 600 are also operating as gas stations.
If you have filled your tank from a Wawa gas station using your debit or credit card, then you are probably on sale right now on the Joker’s Stash for a mere $17.
The malware went undetected for months, and only in December, it was removed from its systems.
No wonder the hackers could collect such a massive database of genuine payment cards.
When Wawa disclosed the cyberattack last year, the hackers deemed it to be a green flag for moving to the next phase of their operation- the sale.
Gemini Advisory, who analysed the BIGBADABOOM said that, “JokerStash uses the media coverage of major breaches such as these to bolster the credibility of their shop and their position as the most notorious vendor of compromised payment cards.”
What is the effect of the BIGBADABOOM-III?
According to reports, the maximum amount of exposed customers are from Florida and Pennsylvania.
Customers from New Jersey, Delaware, Maryland, Virginia, Washington, D.C. are also hit by the data breach.
The foreign customers who are included in the data breach are apparently from Europe, Asia, Latin America, Arabian nations and other parts of the world.
The effect of this cyberattack is beyond measure. Even though Wawa is claiming that no PINs or CVV numbers were released due to the attack, the online marketplace says differently. Other than geolocation of the cardholders, the CVV2 numbers are also exposed online.
What customers can do to protect themselves from this epidemic is to change their PINs and CVVs as quickly as possible.
Thieves and motivated hackers are pretty quick to act on such data breaches, so it will be a good thing to check your bank statement for any suspicious transaction, blocking your card for a few weeks and contacting your bank regarding the best practices in such situations.
Spread the news among your groups of friends and family. Let them know before it’s too late.
What do you think of this data breach? Do you have any questions? Let us know in the comments section below.
Keep watching our news blog for more updates on this incident.
Stay tuned, stay safe.