Products
▸
Leaked Credit Card
Credit card frauds affect millions of people every year. To estimate the damage of credit card numbers leakage is not an easy task. But in 2020, the losses topped 28.58 billion US dollars. Let’s take a look at the most significant cases such as Mastercard and Twitch
Mastercard: Thousands of credit card data leaked on the net
Tens of thousands of Mastercard credit card details surfaced on the web and were available for anyone to see. The affected number was around 90,000, the participants of the "Priceless Special" bonus program whose credit card details were breached. The leaked data included credit card number, name, place of residence, postal code and e-mail address. However, the card expiration date and the check digit from the back of the card were missing. Third parties could use the credit card data to make purchases from certain retailers – those that did not request security features such as the card expiration date and check digit. Fortunately, this was the exception. And these merchants would have to be liable for misuse of the credit card. But it would be a hassle and a lot of work.
So, here's what you should do if you participated in such programs:
Leaked data: Twitch denied loss of passwords and credit card details
The attackers apparently did not have access to the systems for storing login data or card details. According to Twitch, no credit card or bank data was affected either. However, the company confirmed access to its own source code.
Twitch released another statement on the security incident related to the leaked data that put the company in the headlines earlier. The gaming platform reiterated that the incident was caused by a “change in server configuration that allowed an unauthorized third party to gain unauthorized access”.
Among other things, Twitch claimed that passwords or credit card details were not exposed in the intrusion. The company commented that the systems storing Twitch credentials, hashed with bcrypt, were not accessed. Nor had full credit card numbers or banking information been compromised.
"The exposed data primarily included documents from Twitch's source code repository, as well as a subset of creators' payout data. We have thoroughly reviewed the information contained in the exposed files and are confident that only a small portion of users are affected and the impact on customers is minimal. We are contacting those affected directly," the company said.
An unknown hacker released all of Twitch's source code in a 128 GB file. This included creator payouts dating back to 2019, proprietary SDKs and internal AWS services used by Twitch, and all of the company's internal cybersecurity red-teaming tools.