The Target hack which allowed data from millions of customers to be stolen and in some cases, credit cards to be used for fraudulent purchases, may have been the result of a 17-year-old kid in Russia.
According to a report from security firm IntelCrawler, the software used in the Target hack and the infection of payment systems belonging to other six other retailers came from a hacker in St. Petersburg who goes by the name “ree4.”
This malware, titled BlackPOS, allowed hackers to steal credit card information from an estimated 70 million Target customers as well as millions of customers from other major retailers including Neiman Marcus.
Although the teenager responsible for BlackPOS may have been removed from the actual hack, reports are suggesting that he sold the software at a discounted price in return for profits attained from the credit card numbers and fraudulent purchases. BlackPOS was downloaded more than 60 times and for regular customers, ree4 sold the malware for $2,000.
An actual name for ree4 has yet to be released to the media, although researchers involved in the investigation may already know it.
Now that there are at least six major retailers that have been affected by this malware, customers are beginning to get worried about using their credit cards inside any US store. Even though the string of attacks seems to be over for now, security systems will have to be updated at many other retailers in order to prevent future attacks and leaks of credit card information.
Target and various security firms have warned customers that shopped at the retailer anytime around the holidays to change their PIN numbers and keep an eye on their credit card statements in case their number was used for a fraudulent purchase (something that has already been reported by some customers.)
If Target’s numbers are correct, the amount of customers affected by the breach could be as high as 100 million once it is truly determined how large the scope of the hack was.
Summary: A new report is crediting a 17-year-old by the name of “ree4” with the creation of the malware used by hackers who broke into Target, Neiman Marcus, and other retailers. The malware sold for $2,000 but was cheaper if the customers gave ree4 a portion of the profits from the hack.
Image Credit: mercurynews