MenteDigitale Security

22.000 numeri di carta di credito pubblicati, rimossi ma ancora raggiungibili con la cache di Google

[WebDataBank - mentedigitale.org]

Trovo il tutto davvero allucinante.

Alla fine dell’ articolo spiegero’ brevemente in italiano cos’ e’ successo.

A defunct payment gateway has exposed as many as 19,000 credit card numbers, including up to 60 Australian numbers.

The discovery by a local IT industry worker was made by mistake.

Apart from being the result of poor security, it may also have been aided by a side-effect of the Google search engine, in which the pages of defunct web sites containing sensitive directories remain cached and available to anyone.

The cached data, viewed by iTnews, includes 22,000 credit card numbers, including CVVs, expiry dates, names and addresses.

Up to 19,000 of these numbers could be active. Most are customers in the US and Britain although some are Australian.

The credit card numbers are for accounts held with Visa, Mastercard, American Express, Solo, Switch, Delta and Maestro/Cirrus.

Within the address bars of the cached pages are URLs of companies, including UK retailers of laboratory supplies, sports and health goods, apparel, photo imaging and clothing.

“I received a Google Alert for a name,” said the worker who discovered the problem, speaking on condition of anonymity to iTnews.

“The alert started with a bunch of other numbers, so I went to the web page and it was just a virtual directory listing with a bunch of directories underneath and a load of files inside.”

“It looks like the site might have been a payment processing gateway that handled credit card transactions for a bunch of websites before it went belly-up,” the worker speculated.

The worker tried to report the find immediately to Visa and Mastercard, which have the lion’s share of card numbers, but said neither returned calls.

iTnews has contacted the credit card providers for comment.

“We’re investigating this report as a matter of priority, but it’s too early to make any further comment,” said a spokesperson for Visa.

The information will be handed to police tonight, the worker said.

L’articolo rimanda ad un altro link:

Officers from the Australian Federal Police have swung into action to mitigate the fallout from the exposure of about 19,000 credit card numbers, as uncovered by an Australian IT worker yesterday.

Officers from the AFP contacted iTnews within two hours of posting a story on the data security breach.

The 19,000 credit card numbers are still visible in a Google cache as this story is published, but the AFP assured iTnews the law enforcement agency is doing all within its powers to minimise the damage caused to those Australian customers whose personal and financial data were laid bare on the web.

The AFP said it has been in contact with the credit card companies that issued the cards.

A thread on broadband forum site Whirlpool discussing the exposure of the credit card details has also been closed.

The thread now reads:

“This thread has been deleted. Reason: being handled by the Federal Police.”

In effetti, come si puo’ notare nell’ articolo citato, e’ stato censurato tutto dalla Polizia Federale.

In pratica per un errore sono stati pubblicati 22.000 numeri di carta di credito (19.000 ancora attivi), compreso CVVs, le date di scadenza, i nomi e gli indirizzi; poi hanno (IMHO giustamente) censurato il tutto.

Il problema e’ che con una piccola ricerca (che non riportero’ per motivi etici e legali) sfruttando la CACHE di GOOGLE e’ possibile tutt’ ora risalire ai dati sensibili.

Un ulteriore prova dell’ invadenza all’ interno della rete (e non, vedi “Google Street View”) della “grande G”.

Buona continuazione

WebDataBank

Fonti:

www.itnews.com.au

www.afp.gov.au (polizia federale dell’ Australia)

Popularity: 81% [?]

Un articolo a caso:

• April 3, 2009 -- DVD Decrypter per rovesciare un film di DVD al Hard disk eliminando le possibili protezioni del DVD. Come installarlo su Linux (0)