Feeds

A-list celebs, biz barons' privates EXPOSED in limo hire hack – report

Data harvest linked to Adobe source, database swipe

High performance access to file storage

Personal information, financial records and salacious details about 850,000 celebrities, top executives and other customers were swiped by hackers from a limo-booking software company, it is claimed.

The attacked biz, said to be CorporateCarOnline based in Missouri, brokers reservations for limousines and other rental cars nationwide. The firm has yet to respond to The Register's request for comment.

Fortune-500 chief execs and A-list celebs are believed to be among those whose credit card details and addresses were dumped in a plain-text archive on the same servers that housed source code and private data slurped from Adobe and PR Newswire by miscreants.

Investigative journo Brian Krebs, who broke the news of the data raid with Hold Security, reckons the limo bookings grab is therefore part of a larger hacking operation.

"On September 28, Hold Security Deep Web Monitoring identified a database with nearly 10 million records on the same server where Adobe and PR Newswire data was found," Hold said in its report. "[The database] was identified to belong to CorporateCarOnline, who later confirmed the ownership."

It's likely the attackers exploited security shortcomings in Adobe's ColdFusion platform to lift the database some time before September 10.

According to Krebs, the infiltrators were able to access details on captains of industry to film and basketball stars. Other possible casualties of the attack include a number of US politicians and executives at companies including Boeing, Morgan Stanley and, er, Lego.

In addition to plundering customer credit-card details and exposing VIPs' travel plans, Krebs suggested that miscreants armed with the treasure trove of information could blackmail or coerce high-profile targets or otherwise compromise their businesses and family lives.

"This database would be a gold mine of information for would-be corporate spies or for those engaged in other types of espionage," he wrote. "Records in the limo reservation database telegraphed the future dates and locations of travel for many important people."

Perhaps he's also referring to this message found in the data dump, which was apparently sent to a customer after a stretch Hummer was rented: "We do not allow any sexual activities in the car and we have found sex toy while cleaning the car. We have charged your card for cleaning fee of $100 since we had to send [the] limousine to the car wash to get it detailed after all the activities during your rental."

Oh-err. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn
Installing random interwebs shiz will bork your zombie box
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.