Seafood Restaurant Cards Possibly Hooked by Hackers

In a separate discovery, almost 620 million accounts from 16 hacked websites are now for sale on the dark web.

Credit card accounts being sold on the dark web (Image: Shutterstock).

Houston-based Truluck’s Seafood, Steak and Crab House is the latest restaurant chain hit by a data breach. Truluck’s confirmed that the malicious code could capture the number and expiration date of credit or debit cards used at its point-of-sale terminals. Customers’ names and addresses were not exposed.

The chain revealed that malicious actors gained access to its systems via point-of-sale malware, compromising customer card information at locations in Houston, Dallas, Austin and Southlake, Texas, as well as Naples, Fla., and Chicago, during parts of November and December 2018.

What Happened? Truluck’s was contacted by the FBI about potential unauthorized access to one of its servers. Truluck’s began an investigation, using third-party forensic experts to determine the nature and scope of the incident. Through this investigation, the chain confirmed on or about December 19, 2018, that an unauthorized actor had inserted malware into the POS systems at eight restaurants to capture the payment card data of customers making purchases.

As with all breaches affecting payment cards, the risk extends to credit unions and other financial institutions that issue credit and debit cards, since the issuers typically absorb the fraud losses and the cost of reissuing compromised cards.

“Truluck’s immediately responded and has since secured its systems. Truluck’s is providing notice of this event via this press release and its website, as well as certain state regulators,” the restaurant chain announced in a statement dated Feb. 12.

“Frequently, an intrusion is detected by a notable change, such as a rapid increase in network traffic, a suspicious system login location or time, or the unusual export of sensitive information,” Stephen Moore, chief security strategist for San Mateo, Calif.-based security management firm Exabeam, said. “Machine learning security approaches can make it fast and easy to find anomalous and suspicious user and device behavior. Its algorithms can baseline normal behavior in your network environment, then alert your security team whenever anomalous activity occurs.”

Moore added prebuilt security incident timelines can show the full scope and context of related event details. “With the increasing sophistication and worsening impacts of mega data breaches, now is the time for organizations to implement smarter security management solutions.”
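The baselining approach Moore describes can be sketched without any vendor product. The following is an added example, not code from Truluck’s, Exabeam or The Register: each user’s historical logins establish a per-user baseline (the hours they log in, the countries they log in from, and how much data they typically export), and each new event is scored against that baseline. The event lines, field layout, the three-hour tolerance on login time and the z-score threshold are all constructed for illustration.

```python
"""Per-user behavioural baseline: flag logins whose time, source country or
export volume deviates from that user's own history (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed historical events: user,hour_utc,country,bytes_exported
HISTORY = """\
alice,09,US,120000
alice,10,US,95000
alice,14,US,130000
alice,16,US,110000
alice,11,US,105000
bob,08,US,20000
bob,09,US,18000
bob,13,US,22000
bob,17,US,25000
bob,12,US,19000
"""

# Constructed new events to score against the baselines
NEW_EVENTS = """\
alice,10,US,115000
bob,03,RO,900000
alice,02,US,118000
"""


def parse(text):
    """Turn the constructed CSV lines into (user, hour, country, bytes) tuples."""
    rows = []
    for line in text.strip().splitlines():
        user, hour, country, nbytes = line.split(",")
        rows.append((user, int(hour), country, int(nbytes)))
    return rows


def build_baselines(history):
    """Collect, per user, the observed login hours, source countries and export sizes."""
    baselines = defaultdict(lambda: {"hours": [], "countries": set(), "bytes": []})
    for user, hour, country, nbytes in history:
        b = baselines[user]
        b["hours"].append(hour)
        b["countries"].add(country)
        b["bytes"].append(nbytes)
    return baselines


def score_event(event, baselines, hour_slack=3, z_threshold=3.0):
    """Return the list of reasons an event deviates from its user's baseline
    (empty list means it looks normal). Thresholds are illustrative."""
    user, hour, country, nbytes = event
    b = baselines.get(user)
    if b is None:
        return ["first-seen user"]
    reasons = []
    # Login time: outside the observed hour range by more than the slack.
    # (Hours are not wrapped around midnight; good enough for the sample data.)
    if hour < min(b["hours"]) - hour_slack or hour > max(b["hours"]) + hour_slack:
        reasons.append(f"unusual login hour {hour:02d}")
    # Login location: a country this user has never logged in from.
    if country not in b["countries"]:
        reasons.append(f"unseen source country {country}")
    # Data export: z-score of the exported volume against the user's history.
    mu, sigma = mean(b["bytes"]), pstdev(b["bytes"])
    z = (nbytes - mu) / sigma if sigma else 0.0
    if z > z_threshold:
        reasons.append(f"export volume z={z:.1f}")
    return reasons


def triage(history_text, new_text):
    """Score every new event; return {event: reasons} for the flagged ones only."""
    baselines = build_baselines(parse(history_text))
    return {ev: r for ev in parse(new_text) if (r := score_event(ev, baselines))}


if __name__ == "__main__":
    for ev, reasons in triage(HISTORY, NEW_EVENTS).items():
        print(ev, "->", "; ".join(reasons))
```

Of the three constructed events, alice’s mid-morning login from the US passes, bob’s 03:00 login from a never-seen country with a 900 KB export trips all three checks, and alice’s 02:00 login trips only the time check. A real deployment would use far longer histories and tune the thresholds per population; the point is that the detector needs no signature of the attacker, only the user’s own past.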

Meanwhile in a separate discovery, UK-based The Register reported almost 620 million accounts from 16 hacked websites are now for sale on the dark web.

“Sample account records from the multi-gigabyte databases seen by The Register appear to be legit: they consist mainly of account holder names, email addresses, and passwords,” reads the account. “There are a few other bits of information, depending on the site, such as location, personal details, and social media authentication tokens. There appears to be no payment or bank card details in the sales listing.”

The Register reported that the stolen account databases, offered for less than $20,000 in bitcoin in total on the Dream Market cyber-souk on the Tor network, include: Dubsmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), HauteLook (28 million), Animoto (25 million), EyeEm (22 million), 8fit (20 million), Whitepages (18 million), Fotolog (16 million), 500px (15 million), Armor Games (11 million), BookMate (8 million), CoffeeMeetsBagel (6 million), Artsy (1 million), and DataCamp (700,000).

Anurag Kahol, CTO and co-founder, of Campbell, Calif.-based Bitglass, said, “So far in 2019, approximately 2.2 billion email addresses and associated passwords have been compromised in collections of stolen credentials. Now, about 617 million online account details from sixteen different websites’ data breaches have been put up for sale.”

Kahol noted that organizations must simultaneously defend their data against leakage and authenticate their users to ensure that they are who they say they are. “Fortunately, security technologies like data loss prevention, multi-factor authentication, user and entity behavior analytics, and encryption of data at rest can help ensure enterprise data is truly safe,” Kahol added.

Stephan Chenette, CTO and co-founder of San Diego-based AttackIQ, pointed out: “Unfortunately, it is quite common for people to reuse the same login credentials for accounts across a wide range of services in different industries including the financial, healthcare, retail and education verticals. If a malicious actor was able to obtain the email address and crack a hashed password for just one of these accounts, they could potentially gain access to multiple accounts with sensitive information.”

Chenette suggested consumers must start to realize that the companies they share personal data with are failing to provide adequate cybersecurity protections, and should therefore exercise caution in deciding which companies they share their information with.

“Account records are not going away on the dark web. If anything, more credentials will be compromised and listed to be bought and sold by spammers to use in credential stuffing attacks,” Kevin Gosschalk, CEO, San Francisco-based Arkose Labs, stated. He added, “Every company not directly involved needs to be aware of the risks because people are consistently reusing passwords and usernames across multiple sites.”

Chris DeRamus, CTO of Arlington, Va.-based DivvyCloud, said: “The massive troves of data exposed in recent breaches should be a wake-up call for users to tighten up their password practices to avoid being victimized further by bad actors engaging in credential stuffing attacks. Using password managers to monitor login credentials over the abundance of websites users frequent as well as enabling (two-factor authentication) when possible are both excellent ways to deter hackers from compromising your accounts.”
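Chenette’s point that cracking one hashed password can open accounts elsewhere, and Gosschalk’s and DeRamus’s warnings about credential stuffing and password reuse, come down to a chain of two steps that the following added example walks through. It is not code from any of the breached sites or the quoted vendors. Two constructed “leaked” databases share the same two users: site A stored unsalted MD5 digests, site B stored salted PBKDF2 records. The wordlist, the user names and passwords, the record format and the iteration count are all constructed for illustration.

```python
"""Why one cracked hash travels: dictionary-crack an unsalted dump, then
replay the recovered (email, password) pairs against a second site's records
(added example with constructed data)."""
import hashlib
import hmac
import os
from typing import Optional

# Constructed wordlist standing in for a real cracking dictionary.
WORDLIST = ["123456", "password", "qwerty", "letmein", "summer2018", "dragon"]

PBKDF2_ITERATIONS = 50_000  # kept low so the example runs quickly


def md5_unsalted(password: str) -> str:
    """The weak storage practice: one fast, unsalted digest per password."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_record(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, slow storage. Record format is illustrative: alg$iters$salt$dk."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, record: str) -> bool:
    """Recompute the derived key from the stored salt and compare in constant time."""
    _, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


# Constructed dumps. ann reused one password on both sites; ben did not.
SITE_A_DUMP = {  # unsalted MD5
    "ann@example.com": md5_unsalted("summer2018"),
    "ben@example.com": md5_unsalted("Tr0ub4dor&3"),
}
SITE_B_DUMP = {  # salted PBKDF2
    "ann@example.com": pbkdf2_record("summer2018"),
    "ben@example.com": pbkdf2_record("correct horse battery staple"),
}


def crack_unsalted(dump: dict, wordlist: list) -> dict:
    """Step 1: hash each wordlist entry once and look every account up in the
    result. Without salts the work is len(wordlist), not len(wordlist) * len(dump),
    and every user who picked the same weak password falls together."""
    lookup = {md5_unsalted(w): w for w in wordlist}
    return {email: lookup[h] for email, h in dump.items() if h in lookup}


def stuff_credentials(recovered: dict, target_dump: dict) -> list:
    """Step 2: offline stand-in for credential stuffing. Try each recovered
    (email, password) pair against the other site's records. Slow, salted hashing
    on the target does not help, because the password is already known."""
    return [email for email, pw in recovered.items()
            if email in target_dump and pbkdf2_verify(pw, target_dump[email])]


if __name__ == "__main__":
    recovered = crack_unsalted(SITE_A_DUMP, WORDLIST)
    print("cracked on site A:", recovered)
    print("also valid on site B:", stuff_credentials(recovered, SITE_B_DUMP))
```

Site A gives up ann’s password after six MD5 computations, and that password then verifies against her properly salted PBKDF2 record on site B without any cracking at all; ben survives both steps because his site A password is not in the dictionary and his site B password is different anyway. That is the asymmetry the quoted experts describe: strong hashing at one site is undone by reuse if any other site stored the same password weakly, which is why per-site unique passwords (a password manager’s job) and a second factor are the controls that actually break the chain.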

DeRamus suggested the responsibility for the security of consumers’ information belongs to the companies entrusted with it. Organizations must balance their use of modern technologies (e.g. public cloud, containers, hybrid infrastructure) essential for maintaining a competitive market stance with the need for proper security controls.