author photo
By SecureWorld News Team
Wed | Oct 3, 2018 | 2:11 PM PDT

The cybersecurity breach announcement popped up in red, in the upper corner of Burgerville's website, right above a beautiful photo of the local sweet potato fries with speckles of sea salt.

burgerville-hack

The regional burger chain known for locally-sourced "everything" says the FBI notified it recently of a breach by the hacker group Fin7.

Cybercrime group hits across the U.S.

That group has likely stolen some 15 million credit card numbers across the United States, including those of customers of Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin, and Jason’s Deli. Those companies previously announced their breaches and so have companies in other parts of the world.

And despite all the fast food places and restaurants they hacked, three of the Fin7 hackers are now eating jail food.

Clearly, not all of them are.

Burgerville says when the FBI told it about Fin7 hitting the food chain's network, it was believed to be a brief intrusion.

However, when Burgerville did forensics work (a digital investigation of the crime), it discovered that Fin7 hackers were still in the company's payment network, watching and stealing credit card numbers of Burgerville customers.

Now we know this went on from September 1, 2017, to September 30, 2018.

Since that time, Burgerville says it has taken systems down, removed the malware and other hacker tools, and re-secured its networks and credit card payment system.

Where do hacked and stolen credit card numbers go?

And in case you're wondering where stolen credit card numbers go and what might happen next, you are not alone.

Most cybercriminals involved in large hacks try to sell or trade what they steal.

They do this on hidden marketplaces on what is called the Dark Web.

The Dark Web is a place where you use a special web browser called TOR to hide your identity and make up a screen name so you can anonymously buy, sell, and trade all kinds of things: drugs, weapons, child pornography, stolen passwords, stolen credit card numbers, stolen identities, and more.

And aside from what is being sold, there are other sickening things about the Dark Web.

Buyers and sellers of our stolen information get ratings for their level of service, just like on eBay or Amazon.

People leave comments: Were the stolen goods as promised? Did that file of hacked passwords work? Was the hacker's customer service able to quickly answer any of the buyer's questions? "Five stars, I would do business with them again."

And on top of this, many of the hackers and common criminals operating on the Dark Web believe this is completely okay.

Roy Zur, CEO and Co-Founder of Cybint Security Solutions, shared with me about a Dark Web site where you can buy stolen usernames and passwords for PayPal accounts that contain money.

dark-web-paypal-accounts-for-sale

It's hard to see the tag line on this Dark Web store, but under "Paypal Cent" it says "Grab a few cents from the rich."

In other words, hackers are speaking their truth; they are just sticking it to the rich, so what's the problem?

Real example of buying and selling stolen online accounts

Zur showed us exactly how this buying and selling works. In this example, the hacker listed PayPal accounts confirmed to have money in them.

dark-web-paypal-accounts-for-sale-amounts

The hackers sell each account for 10 cents on the dollar. If you have $1,000 in your PayPal account, someone on the dark web could pay $100 to get your username and password and then cash out.

Wait, wouldn't hackers make more money if they used this stolen information themselves? Great question.

Yes, but they'd also increase the chances of getting caught. So for many of them, it makes sense to pull off a big heist, re-sell it anonymously in batches, and greatly reduce the chances of getting caught.

And by the way, stolen credit card numbers are often sold in batches as well. Value depends on the credit line of the card and whether information includes expiration date info and your secret 3- or 4-digit code that's actually printed on the card.

In Burgerville's case, and many hacking cases, it included all of that.

What to do if your credit card numbers are involved in a breach

The quality of breach announcements varies tremendously by company. Some say very little that is helpful. However, the FAQ and details in the Burgerville breach announcement explain what any breach victim should do.

Read the entire breach announcement for yourself or take this information as a list of best practices:

* Review your card statements for any unauthorized charges. If you see something suspicious, contact your credit or debit card company immediately to report the activity.

* Obtain a copy of your credit report and look for unauthorized activity there, too. You can get a free copy of your credit report once every 12 months from each of the three top credit reporting agencies. To obtain your annual free credit report, please visit
www.annualcreditreport.com or call 1-877-322-8228.

* You may also want to consider freezing your credit. As of September 21, 2018, freezing your credit is a free service provided by the three major credit bureaus. Go to each of the credit bureau websites linked below and locate the security freeze information.

Just remember that if you freeze your credit, you will have to un-freeze it before opening a new line of credit, taking out a new mortgage, etc.

In the meantime, keep an eye on your credit card statement if you've eaten at Burgerville in the last year.

And remember that it's not only safe to go back, it is delicious.

Just look at those sweet potato fries!

Comments