Stolen credit card details posted to Internet forum

Research experts at FaceTime Security Labs have discovered a considerable collection of stolen credit card details posted on a “Warez Forum,” a discussion group frequented by hackers trading pirated media and video games.

Some of the exposed credit card details included PIN numbers as well as an email “receive address” indicating that information had been obtained directly from a back-end on-line payment system.

Further details about this incident can be found at www.blog.spywareguide.com and on researcher Chris Boyd’s personal blog at www.vitalsecurity.org.

Boyd, senior director of malware research for FaceTime Security Labs, discovered that the credit card data had been published.

“The odd thing about it was that the person who posted the details didn’t really come across as a professional carder – more like someone who happened to stumble across a stockpile of sensitive information and was now trying to distribute it as quickly as he could,” said Chris Boyd.

“This is a case of stupid criminals at work. The poster happily included all of this information with a photograph of himself as well as his location listed under his forum avatar.”

FaceTime Security Labs researchers, including Boyd (aka Paperghost), are constantly searching for malware, botnets, spyware and incidents of hacking of social networking sites that can compromise personal as well company data.

While this research is conducted and used to protect FaceTime’s enterprise network security customers, occasionally the FSL team uncovers incidents – such as this one – that are more widespread and affect a wide variety of consumers.

“Everyone takes a security risk when they shop or hang out online, but we can reduce the risk with some common sense and specific moves,” said Boyd. “A company would never stop using email just because they get SPAM, but everyone needs to balance the benefits of the Web with ways to avoid the risks.”