A hacker has broken into the databases of an online limousine service, grabbing details of more than 850,000 customers — including Fortune 500 CEOs, lawmakers and A-list celebrities.
The hackers nabbed the details from CorporateCarOnline, based in Kirkwood, Missouri, which bills itself as “the leading provider of on-demand software management solutions for the limousine and ground transportation industry”. Its site also proudly declares: “Trust Us: Your Data is Secure”. Well, almost.
The site isn’t, apparently, too keen to discuss the loss, reports Krebs on Security. Which is perhaps understandable, because the data that went missing, inside a plain text archive, contained over 850,000 credit card numbers, expiry dates and associated names and addresses. Over a quarter of those cards were high- or no-limit American Express, and it turns out many were VIPs.
Speaking of which, Krebs rounded up some details from within the archive that detail just the kind of high-flyers who’ve had details stolen. Notes like these were left for chauffeurs, and made it into the database:
- LeBron James — Thomas & Mack Center sports arena, athlete entrance, July 22, 2007; “Call Lynn upon arrival.”
- Tom Hanks — Chicago Midway, June 19, 2013; “VVIP. No cell/radio use with passenger/prepaid. 1500 W. Taylor Street Chicago, Rosebud, Dinner Reser @8pm”
- Aaron Rodgers – Duncan Aviation, Kalamazoo, Mich., June 26, 2010; “Kregg Lumpkin and wife. 3 Bottle Waters. Greg Jennings Foundation.”
- Donald Trump, Wynn Hotel, Las Vegas, Feb. 12, 2007: “Must be new car, clean, and front seat must be clear.”
All in, a veritable goldmine for cyber criminals — and a fine reminder for us all to be vigilant about our online security. [Krebs on Security]