If you’ve eaten at a Subway recently, there’s a slight chance that you might’ve had your credit card information stolen. OK, probably not! But a group of Romanian hackers managed to hack into Subway cash registers and have been logging all sorts of customer info since 2008.
According to the courts, the hackers managed to tap into 150 different Subway locations and 50 other small retailers through each store’s point-of-sale systems, gathered credit card information from 80,000 people and racked up THREE MILLION DOLLARS in fraudulent charges. What’s amazing is how terribly simple the hack was: they didn’t even have to break a sweat.
The Subway owners weren’t following Subway security standards and slid down the slippery slope of leaky software. According to Ars Technica:
The hackers then deployed a collection of hacking tools to the POS systems, including logging software that recorded all the input into the systems - including credit card scans. They also installed a trojan, xp.exe, onto the systems to provide a back door to reconnect to the systems to allow the installation of additional malware, and prevent any security software updates.
All the info was transferred to FTP dump sites registered with stolen credit cards, and some of the hackers even began printing their own credit cards (with other people’s information). Next time I buy a $US5 footlong, I’m paying cash. [Ars Technica]