DIYbanter - View Single Post

Lee B

On 12/21/2013 2:29 PM, DerbyDad03 wrote:
Lee B wrote:
On 12/20/2013 9:14 PM, Oren wrote:
On Thu, 19 Dec 2013 23:45:17 -0500, wrote:

AIUI, they got the PINs to go with the account numbers. That could
really be bad for a lot of people.

...and the 3 or 4 digit security numbers of the cards.

Expert spoke the other day:

Video: (Cybersecurity analyst breaks down how it happened)

http://www.foxnews.com/on-air/shepard-smith/index.html#/v/2951632445001

Interesting article at
http://techcrunch.com/2013/12/20/the...target-reacts/
(and also an interesting link inside about a cyber security guy's
description of buying some of the stolen info and how they knew about the
breach before Target went public).

They said another problem is that the problem might not be immediately
apparent to the card owners, that it could show up months or more later
as the info is sold online.

I shopped at Target several times during that time frame, so I went to my
bank to ask what to do. They ordered me a new check card. (Hmm, didn't
take into account that they would immediately disable the current card
and it would take the new one several days to arrive... guess I'll see if
the store cashiers can still deal with checks, LOL).
And I finally dragged myself into the current century and let the bank
guy help me set up online banking with text alerts.

BTW, just now caught another news story - security guy flat out
recommends that people who shopped at Target in that time frame get a new
card, esp if it's a bank debit card.

Yet other articles - and my bank - state that there is no indication that
debit card PIN numbers were captured. Originally the news was that every
number related to the cards was captured, but now things are changing. This
is one of those cases where the news is flying in fast and furious and it's
hard to separate the wheat from the chaff. Of course, replacing the card is
still the safest bet, but changing the pin is at least the minimum that
should be done. I've already done that. I also ordered a new card, but I
used the "broken card" path, not the "stolen card" path, so my card, with
the new pin, will work until the new one shows up.

Even before the hacking news broke, a co-worker got a call from Discover
that they were seeing strange activity on his card. All of the transactions
were rejected at the POS, but they called him anyway. His wife had shopped
at Target during the hacking period, so they think it is related, but it's
hard to be absolutely sure. The Discover agent wasn't able to - or
wouldn't - tell him why the transactions were rejected at the POS, but
since there was something like 6 of them at various locations, it raised a
flag and they called him. They will be issuing a new card.

It was partially the changing news stories that prompted me to get the
new card. That and the fact that I'm a worrier, and would obsess over
the "what if's". Plus since one of the reports said they hacked the
database (as opposed to just grabbing data as it was swiped), it could
open the possibility about the PINs. Not saying they were compromised,
just that I'd seen one of the talking heads speculating that they
couldn't say that they weren't.

In addition to the regular bank check card, I also have a separate debit
"works as a cc" card from an entirely different bank. I'd set that up
when I started doing online shopping and don't keep much money in there
(less to worry about); several months ago I added a Target debit card to
that account to take advantage of the 5% discount. The ironic thing is
that I *didn't* use the Target debit card during that time frame, so at
least I have that available while I await the new card.

Did you see the article
http://krebsonsecurity.com/2013/12/c...nd-markets/(it
was the one linked in the other article). There is a screenshot of the
online site that sells the stolen card info. How many cards are for sale
and the owners don't even know it. OK, yeah, I realize that goes on all
the time, but seeing it set up like a "normal" online store creeped me out.