Old Nov 20, 18, 1:42 am
Originally Posted by Nicc HK
The hackageddon occurred at the beginning of 2018 so there has been plenty of time for the hackers to punt details on the dark web. What is not known is whether your CC theft is linked to the CX hackageddon.

Given the sheer number of people's details stolen, and I very much doubt CX has at any point been truly open and honest, the probability of being informed of your details being stolen and a CC theft occurring shortly after is very high, even if the events are not connected. However, CX appears to have been 'economical with the truth'.

The HKMA publishes statistical data quarterly and at the end of 2Q2018 there were 20.06 Million CC/DC issued in Hong Kong, and CX had 9.4 Million people's details hacked. If we assume 75% of these were HK residents then the potential impact is 7.05M or approximately 35% of all CC/DC in HK. If there was a large uptick in HK CC fraud then this would suggest a correlation. At this point there are no leading indicators that this has happened. However, given the sophisticated nature of the attack on CX's unsophisticated IT infrastructure the bad guys could be drip feeding stolen data into the system.

In this case as the CC was used for a service the relevant anti-fraud teams can track down those people who used the tickets quite easily. Your CC thieves won't be so dumb as to use the CC themselves, but it will help any investigation.

I should add that the UK Government has a whole cyber warfare centre dedicated to the kind of attack that hit CX and do assist global businesses. CX should have gone to the experts as soon as they realised what was happening.
Whilst what you state above all makes sense, in practice compromised data tends not to be used as quickly as you suggest. Initial attempts to monetise stolen data are often quite high and the market quite often goes elsewhere. Over time the price will drop and more and more data gets sold on and used.

So although there is no real pattern to when compromised data surfaces, it can be anything from a few hours to a few years later. I could quote many examples where compromised data gets used over a year after the initial breach.
plunet