Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Charge Anywhere admits hackers are on its systems since 2009

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

December 11, 2014

Click here to order the best deal on a HP enterprise dedicated server and at a great price.

Mobile payment processor Charge Anywhere admits that hackers may have been snooping on its systems since 2009.

While probing an internal malware infection, the e-commerce company discovered someone has been able to eavesdrop on its network traffic since November 2009.

That investigation revealed all sorts of sensitive data had been swiped from the global company's compromised computers, including customer names, card numbers, expiration dates and verification codes.

Hackers then succeeded in defeating Charge Anywhere's encryption before extracting data, as the company's statement explains:

Charge Anywhere began its investigation that uncovered and shut down the attack after being asked to investigate fraudulent charges that appeared on credit cards that had been legitimately used at certain merchants.

Charge Anywhere’s investigation found malware that had not been previously detected by any anti-virus programs. The malware was immediately removed and we engaged a leading computer security firm to investigate how the malware was used and to work with us to continue to enhance our network security measures.

Our investigation revealed that an unauthorized person initially gained access to the network and installed sophisticated malware that was then used to create the ability to capture segments of outbound network traffic. Much of the outbound traffic was encrypted.

However, the format and method of connection for certain outbound messages enabled the unauthorized person to capture and ultimately then gain access to plain text payment card transaction authorization requests.

Charge Anywhere, a New Jersey-headquartered company that processes payments for mobile apps and websites, says cyber criminals extracted the sensitive data from its computers between August 17 and September 24, 2014 although someone had established the ability to sniff parts of its network traffic as far back as 2009.

The company added:

During the exhaustive investigation, only files containing the segments of captured network traffic from August 17, 2014 through September 24, 2014 were identified. Although we only found evidence of actual network traffic capture for this short time frame, the unauthorized person had the ability to capture network traffic as early as November 5, 2009.

The company has set up a help page allowing merchants to search an unpublished list of affected traders to find out whether or not they've been hit by the security breach.

The infiltration goes to demonstrate the importance for payment processors to fully encrypt sensitive data as it traverses their network, as cybercrime-focused investigative journalist Brian Krebs points out.

Source: Charge Anywhere.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet    Terms of use    Privacy agreement    Legal disclaimer