Hackers continue breaching, stealing credit card data from parking services
The hackers behind the Target and Home Depot data breaches have struck again, and this time the victims seem to be the customers of Book2Park.com, an online parking reservation service available at a variety of US airports.
According to Brian Krebs and his sources from several banks that bought a handful of cards from a new batch put on sale on popular carder online store Rescator[dot]cm, the common denominator is that all the cards were recently used by their rightful owners to make parking reservations at Book2Park.com.
Anna Infante, the owner of the service, confirmed that they had a breach, but that they still don’t know what information – if any – was stolen. According to her, the tech firm they use recently discovered that someone planted malicious files on the company’s Web server. She said that they are working to discover the extent of the breach and to protect potentially affected customers.
This is apparently the third time that an airport parking service was targeted and breached by the same gang in the last two months or so. Previous targets were Park ’N Fly and OneStopParking.com, and the attackers made off with card account information.
In all of these cases, the stolen information can only be used to effect fraudulent online purchases, Krebs noted, and said that it’s unclear why this group continues to target online parking reservation systems.
But, as one of the commenters cleverly noted, it may be because these cards, used across many jurisdictions and at travel hubs, are less likely to be “red-flagged” when the crooks buy airline and train tickets (as they are fond of doing).
According to the Book2Park privacy policy, the company collects personal and credit card information from users, but does not store financial information on their servers.
“Per company policy, we only store the last 4 digits of a customer’s credit card number, as required by our credit card processor to enable credits or cancellations,” they say. If this is true, the breach might extend beyond the company.