Gift card hack exposed – you pay, they play

2020-11-24 19:58

Very simply put, the crooks were after as many accounts as they could access to buy as many gift cards as they could as quickly as possible.

Crooks with access to a whole company's worth of users - in this story, the company's VPN supported about 200 people - can try to acquire not just one but potentially hundreds of pre-paid gift cards in short order.

It seems that only a few of the users attacked in this way had saved their credit card details for automatic re-use when making purchases, which is probably why the crooks only managed a few hundred dollars of gift card purchases before being spotted.

Apparently, numerous users who needed to re-reset their altered passwords to get back into their accounts noticed that there were gift cards queued up for purchase in their online shopping carts, but that the crooks had not been able to finalise those purchases.

Secondary interest or not, the crooks weren't after gift cards only.

News URL

https://nakedsecurity.sophos.com/2020/11/24/gift-card-hack-exposed-you-pay-they-play/

#hack