February 2, 2017
Two forums where gamers illegally trade free copies of Microsoft’s Xbox360 games and Sony’s Playstation PSP games suffered attacks in 2015 that resulted in the theft of email addresses, passwords and IP addresses of up to 2.5 million individuals. While the intrusion occurred in September 2015, the stolen information has been packaged and sold in different forms to fraudsters who most likely are still leveraging it in various ways, according to former hacker and fraudster Brett Johnson. Johnson, who spent time in federal prison for CNP fraud and also worked as an informant for the U.S. Secret Service, acknowledges the irony involved in the pirates-getting-hacked story, but also notes there are several ways 16-month old information could still be used to commit fraud on e-commerce sites.
“If you’re going to be on sites like that, you kind of get what you deserve,” said Johnson, who now consults with companies on how they can improve security and identify and prevent fraud.
Mainly, Johnson says, given the reports of the information that was stolen, account takeovers are the likely result. Microsoft, he notes, is more vulnerable to direct attacks than Sony, but the information has probably already been used to take over accounts at other retailers.
“Information from this breach could still be out there enabling ATO, but a bigger worry now is that the stolen information is being used to fill out full profiles,” he explains. “If you have a stolen credit card number, you can cross-reference Social Security numbers and DOB easily. But, if you can add things to a profile like IP address and email and create what is known as a ‘fullz,’ the sky is the limit from a fraud perspective. There is always a use for information.”
The key for merchants? Johnson says that when data is compromised, figure out how it will be monetized. Merchants that understand how fraudsters will use certain pieces of information will be in better position to identify fraud and to stop it. Johnson will be sharing his experience on both sides of the law and advice as a keynote speaker at the CNP Expo in Orlando this coming spring (May 22-25, 2017). For information or to register to attend the event, visit CNPExpo.com.