Charge Anywhere admits hackers are on its systems since 2009
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!Tweet Share on Twitter.
December 11, 2014
Mobile payment processor Charge Anywhere admits that hackers may have been snooping on its systems since 2009.
While probing an internal malware infection, the e-commerce company discovered someone has been able to eavesdrop on its network traffic since November 2009.
That investigation revealed all sorts of sensitive data had been swiped from the global company's compromised computers, including customer names, card numbers, expiration dates and verification codes.
Hackers then succeeded in defeating Charge Anywhere's encryption before extracting data, as the company's statement explains:
Charge Anywhere began its investigation that uncovered and shut down the attack after being asked to investigate fraudulent charges that appeared on credit cards that had been legitimately used at certain merchants.
Charge Anywhere, a New Jersey-headquartered company that processes payments for mobile apps and websites, says cyber criminals extracted the sensitive data from its computers between August 17 and September 24, 2014 although someone had established the ability to sniff parts of its network traffic as far back as 2009.
The company added:
During the exhaustive investigation, only files containing the segments of captured network traffic from August 17, 2014 through September 24, 2014 were identified. Although we only found evidence of actual network traffic capture for this short time frame, the unauthorized person had the ability to capture network traffic as early as November 5, 2009.
The company has set up a help page allowing merchants to search an unpublished list of affected traders to find out whether or not they've been hit by the security breach.
The infiltration goes to demonstrate the importance for payment processors to fully encrypt sensitive data as it traverses their network, as cybercrime-focused investigative journalist Brian Krebs points out.
Source: Charge Anywhere.
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!