Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Ice cream mogul Dairy Queen appears to have been breached with hackers likely stealing credit cards from some of its many US stores.
The chilling news comes from sources within the US banking sector who separately told cyber-crime prober Brian Krebs that fraudulent transactions on credit cards appeared to have stemmed from a breach at the company.
Dairy Queen admitted the US Secret Service had been in touch after initial waffle claiming it had no evidence of a breach.
Communications director Dean Peters has since said it was difficult to determine if breaches occurred at any of the franchised stores which were independent and not required to report security lapses.
"We would assist [the stores] if they reached out to us about a breach, but so far we have not heard from any of our franchisees that they have had any kind of breach," Peters told Krebs on Security.
Large franchise stores across Australia were similarly exposed, Vulture South understands.
While details were milky, Krebs speculated that the breaches may have resulted from a handful of hacked stores owned by a single franchisee.
This was based on recent data breaches at sandwich chain Jimmy Johns and the United Parcel Service. Both were popped by point of sale malware that was foisted over remote access lines onto devices that were protected by weak passwords.
These breaches came as US Homeland Security warned that the Backoff point of sale malware had infected more than 1000 businesses.
Popping a single franchisee may have given access to multiple stores, or those shops could have been protected with the same password or similarly weak passwords for the remote access credentials.
While a breach may cool sales, it was sweet news for carders; a private cybercrime forum is reporting a "huge and awesome update" with a tranche of 1000 cards selling on 11 August, a second with 2000 sold the following week and another with 5000 credit cards currently on offer.
Each batch noted the state in which the cards were issued in a new fraudster tactic to cash out locally in a bid to stay under the radar of bank fraud systems. ®