Security research, news and guidance

Heartland data breach, it's a big one!

August 18, 2009 | Written by admin | Application Security, Data Loss, PCI DSS

Hi,

I was in the middle of writing up a blog post pulling together information about the Heartland data breach, after I read earlier that three people have been indicted for the Heartland hack, when I came across Rich Mogull’s excellent blog post. No point in me re-inventing the wheel after he had done such a great job!

Some of the current highlights from the breach information are:

The hacker behind the Heartland breach is the same guy who hacked TJX, Hannaford and 7-Eleven

130 million credit card numbers have been stolen

SQL Injection appears to be the vulnerability that has been exploited

As I have said many times, you have to stop these web application vulnerabilities, otherwise you will get exploited! The Secure Development Principles would have prevented this exploit if the vulnerable application had been built following the guidance I outline in the principles.

Invest in security, build security in and constantly strive to improve your security development and testing processes or you will eventually get caught out.

SN

This entry was posted on August 18, 2009 at 4:53 am and is filed under Application Security, Data Loss, PCI DSS.