Hackers Steal Republicans' Credit Card Data

by Elizabeth Harper on October 17, 2016

It's time to check your credit card statements. More than 5,900 online storefronts, including the National Republican Senatorial Committee (NRSC), which helps fundraise for Republican Senate candidates, were compromised in a hack this year. Dutch researcher Willem de Groot uncovered the suspicious code, which collects credit card data and passes it along to a Russian-language ISP. From there, it's likely your credit card numbers are sold off to the highest bidder.

The hack caught web stores in the same way viruses and malware catch us: by exploiting known security vulnerabilities or guessing easy passwords. Once into the system, hackers avoided making changes that might be noticed, and instead added code to the stores' checkout pages that looked legitimate. And, again, just like hackers trick us, these hackers tricked retailers by sending data to addresses that appeared to be associated with ecommerce but were a character or two off from the actual address. While we know how easy it is for us to make these security mistakes, we expect retailers to do better.
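Store operators can check for the "a character or two off" trick from their own side. The following is an added example, not code from this article or from de Groot's research: it lists every host a checkout page references and flags any that is within two edits of a host the store really uses. The allowlist, host names and sample page are all constructed.

```python
import re
from urllib.parse import urlparse

# Hosts the store's checkout legitimately loads from or posts to.
# Constructed allowlist: every name here is hypothetical.
ALLOWED_HOSTS = {"shop.example", "cdn.shop.example", "pay.gateway.example"}

URL_RE = re.compile(r"""https?://[^\s"'<>)\\]+""", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def audit_checkout(html, allowed=ALLOWED_HOSTS, max_typos=2):
    """Map each non-allowlisted host referenced in the page to a verdict."""
    findings = {}
    for url in URL_RE.findall(html):
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        if not host or host in allowed:
            continue
        # Closest legitimate host; sorted() keeps ties deterministic.
        closest = min(sorted(allowed), key=lambda a: edit_distance(host, a))
        if edit_distance(host, closest) <= max_typos:
            findings[host] = "lookalike of " + closest
        else:
            findings[host] = "unknown host"
    return findings

# Constructed sample page: two legitimate references, one near-miss host
# inside an inline script, and one unrelated third-party host.
SAMPLE_PAGE = """
<script src="https://cdn.shop.example/js/checkout.js"></script>
<form action="https://pay.gateway.example/charge" method="post"></form>
<script>var endpoint = "https://pay.gatevay.example/charge";</script>
<img src="https://stats.tracker.example/p.gif">
"""

if __name__ == "__main__":
    for host, verdict in audit_checkout(SAMPLE_PAGE).items():
        print(f"{host}: {verdict}")
```

A "lookalike" verdict deserves immediate review of the checkout template; an "unknown host" verdict means the allowlist or the page needs updating.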

There's no evidence that this hack was political, like the hacking of Democratic National Committee emails. Instead, this attack squarely targets the average person who just wants to buy a bumper sticker or make a donation.

The malicious code has been removed from the NRSC site, but it was active from March 2016 through October 5, giving hackers six months to collect financial information from contributors. It's impossible to know for certain, but based on traffic to the NRSC site, de Groot estimates the hackers might have taken as many as 3,500 credit card numbers per month, for a total of 21,000 stolen since March. And as to how many cards may have been taken from the other 5,900 compromised sites? It's impossible to say.

Unfortunately, the problem is far from over. Though the compromised sites have been made aware of the problem, only a small portion have removed the hack. According to de Groot's latest scan, 340 of the original 5,900 have been fixed, while he found 170 newly compromised sites. (Here's the list of compromised sites as of 10/14/16) 

So how can you keep yourself safe? The most important thing to do is check your credit card statements. If you see any activity that you didn't authorize, contact your financial institution immediately.

Secondly, and this really should go without saying at this point, use an anti-malware program that protects your PC or Mac against infected sites (our recommendations). A quick check using our 2015 top pick, Bitdefender, shows that they are already blocking the affected sites.

[Image: Bitdefender trojan warning]

On top of that, make sure you're shopping with large, known retailers online. While some reputable stores were caught by this exploit, they were also the ones who took prompt action to correct it.

[Open lock on circuit board via Shutterstock]

