14 DAY TRIAL // After OneStopParking and Park ‘N Fly, hackers have breached the computer systems of off-airport parking operator Book2Park.com and they have stolen payment card information, which is currently for sale on an underground forum.
Financial institutions noticed the new batch of cards available on the cybercriminal marketplace and purchased some of them in order to determine a common merchant they had been used at.
Malware has been discovered and removed from the web server
The common denominator proved to be Book2Park.com, an online service that offers parking spots at airports and seaports across the United States. This is most of the times a clear indication of the target whose computer systems storing payment information have been compromised.
Ana Infante, the owner of the business, has been contacted by security blogger Brian Krebs in relation to the breach and she said that she was not aware of customer cards being on sale on criminal forums.
However, she informed that malware had been discovered on the business’ web server and measures were immediately taken to clean the machine.
“We are taking all further steps in protecting our customers and reporting this to the proper authorities,” she told Krebs
According to Krebs, the card batch stolen from Book2Park is advertised as “Denarius” and he alleges that they are sold for between $12 / €10.60 and $18 / €16 a piece, much higher than those stolen from OneStopParking and Park ‘N Fly because they were issued by banks in Europe.
At the moment, it is unclear if the customers affected by the incident can still be identified so that they can be warned about the security breach and take the necessary action to protect their financial assets.
Cybercriminals shifted their attention to off-airport parking operators
In December, the same criminal marketplace, rescator[.]cm, advertised a database (dubbed “Solidus”) with cards stolen from OneStopParking. The information stolen by the hackers included cardholder information, card expiration date and CVVs (card verification value). The same details were stolen from the systems of Park ‘N Fly.
The CVV is required as a verification measure in card-not-present transactions such as online purchases, to prove that the buyer is actually in possession of the card. It is against the Payment Card Industry Data Security Standard (PCI DSS) for merchants to store this info on their systems, specifically to stifle fraud attempts in case of a breach.
In the case of Book2Park, it is unclear how many customers are impacted or if the CVV information was available on the server.