Happy New Year, everyone! I hope you're excited for what's to come from ToBeSecured this year, as I have a lot in store. As we're still battling COVID-19, I hope you are all staying safe, practicing social distancing, and wearing your masks at all times. It's very important that we practice staying secure in the physical world too. You can expect to receive news every week via my Cyber Tuesdays series on YouTube and Instagram as well as weekly posts on my website. I want to thank you for supporting my business thus far and becoming an advocate for privacy and security as you learn new topics and share them with your peers. Welcome if you are a new member and have decided to come along on this journey.
Today, I am going to tell you about a recent hacking incident involving American Express credit card holders. With most people already dealing with the pandemic, job losses, overdue bills, and stress, this incident just adds to an already hectic world.
A threat actor has posted the data of 10,000 American Express card holders on a hacker forum for free. In that same post, the threat actor also claims to be selling even more data belonging to Mexican banking customers of Santander and Banamex. The finding was brought to light by the threat intelligence analyst Bank Security.
As analyzed by BleepingComputer, the leaked sample data set of 10,000 records exposes full American Express account (credit card) numbers and customers' personally identifiable information (PII) including name, full address, phone numbers, date of birth, gender, etc.
However, BleepingComputer did not see credit card expiration dates, passwords, or overly sensitive financial data in the posted spreadsheet that could enable misuse of the credit cards in fraudulent transactions.
The information that was released is still critical, because anyone who comes across it could use it to try to guess passwords and do further damage. It seems the actor behind the forum post intends to expose this data mainly for marketing spam purposes.
"I do not sell private data such as password, card information, and ID number. With the data I sell or share, you are only exposed to spam or marketing :)," stated the seller in the same forum thread.
After BleepingComputer reached out to American Express to verify the authenticity of the released information, the company released this statement to the public: "We are aware of the report and are closely monitoring the situation. We do not have anything further to share at this time." American Express neither denied nor admitted that it had suffered a data breach, but shared that Amex cardholders are not liable for fraudulent charges.
"However, as a reminder, American Express card members are not liable for any fraudulent charges on their accounts. American Express has sophisticated monitoring systems and internal safeguards in place to help detect fraudulent and suspect activity. If we see there is unusual activity which may be fraud, we will take protective actions," American Express told BleepingComputer in a statement.
Amex cardholders should remain vigilant and report any fraudulent activity seen on their card statements to American Express.
Additionally, cardholders are urged to watch out for suspicious phishing emails, texts, and phone calls, which could now be even harder to spot if the scammers include parts of the credit card number and legitimate PII in these communications to earn the customer's trust.
If you are a card member of any of these banking institutions, please keep an eye out for any suspicious activity: money missing from your account, unusual login attempts, other devices logging into your account, phishing emails (as mentioned above), etc. It is also a good idea to make sure all your information is accurate and your passwords are updated; if anything seems off, do not hesitate to contact your bank.
What are your thoughts on this topic? Subscribe to my blog if you haven't already and follow my Instagram - ToBeSecured for CyberTuesday vlogs. I have launched my YouTube channel and you can find me by simply typing Kassirer Dunn into the search engine. Thank you for tuning in and remember ToBeSecured!