Security Experts:

Saudi Hackers Hit Israeli Credit Card Companies

A group of Saudi hackers hit several Israeli targets over the holidays, subsequently releasing credit card details and other personal information on 400,000 individuals. However, the credit firms are stressing that there is no need to panic.

Offered with the hope that the release would “hurt the Zionist pocket,” the Saudi group published the sensitive details over the holiday weekend. On Monday, once the list gained mass attention, it disappeared from the Web.

Offering assurances to customers that the breach wasn’t as bad as it looked, Isracard and Visa CAL (two issuing firms in Israel) said that in reality, only 18,000 of the leaked credit cards were still valid. The rest of the cards have long since expired. “We blocked all of the cards whose numbers were on the list to online use. They can still be used for regular purchases,” Isracard’s CEO said in a statement to local media.

Isracard and Visa CAL Hacked"First of all, we have to keep this proportionate. We have to differentiate between threats made by Saudi hackers and the facts. We've been working through the night and we discovered that contrary to reports, between all the credit card companies in Israel only 14,000 accounts or so have been compromised. That's about 0.2% of all active accounts in Israel. We will, of course, compensate customers who were compromised – as we routinely do. I'm responsible for my customers. Anyone who suffered damage will be compensated. There is nothing to worry about.”

Visa CAL’s CEO added that the cards issued by his firm were being blocked against phone and Internet purchasing until they were replaced. He too added that customers who were fraudulently charged will be compensated.

At the same time, there have been no reports of the hijacked cards being used. Still, 400,000 people had their personal information posted to the Web, so while the credit card problem isn’t as bad as it was made out to be, that’s a massive target list.

In related news, shortly before the holiday weekend, supporters of AntiSec published a list of nearly 70,000 credit cards stolen during the breach suffered by intelligence firm, Stratfor. According to analysis conducted by Identity Finder, the list contained about 36,000 active credit card accounts, and the necessary personal information associated with them.

In addition, AntiSec released a list of 860,160 password hashes taken from the account registration database maintained by Stratfor. The list contained passwords so weak, that more than 80,000 of them were crackable in less than 5 hours, using basic word lists and less than stellar equipment.

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.