An Internet security firm says a limousine software company has been hacked, exposing credit card numbers and potentially embarrassing details about close to 1 million customers, including politicians, star athletes and corporate executives.
Alex Holden, chief information security officer of Milwaukee-based Hold Security, says he discovered the breach at Corporatecaronline more than a month ago. He said he informed the owner of the Kirkwood, Mo.-based software company that customers' credit card numbers, pickup and drop-off information, and other personal details had been stolen.
"The privacy implications of this are very disturbing," Holden said Monday.
Car services buy software from Corporatecaronline and use it to streamline reservations, dispatching and payments. Owner Dan Leonard did not return a call to his company for comment Monday from The Associated Press.
Cybersecurity blogger Brian Krebs, working with Hold Security, first reported the hack on his website krebsonsecurity.com, including details dispatchers gave to drivers heading out to pick up celebrity passengers. For example, Krebs reported a chauffeur driving Tom Hanks to a Chicago restaurant for dinner was advised the client was a "VVIP" who required "No cell/radio use" by the driver.
A chauffeur meeting Latin American textile magnate Josue Christiano Gomes da Silva inside an airport luggage claim area with a printed sign was warned: "SUPER VIP CLIENT. EVERYTHING MUST BE PERFECT!"
Other customers include Donald Trump, who required a new car with a clear front seat; LeBron James, who was picked up at an entrance for athletes at a Las Vegas sports arena; and Colorado Sen. Mark Udall, who was traveling to Boston with golf clubs.
more
News from The Associated Press
Alex Holden, chief information security officer of Milwaukee-based Hold Security, says he discovered the breach at Corporatecaronline more than a month ago. He said he informed the owner of the Kirkwood, Mo.-based software company that customers' credit card numbers, pickup and drop-off information, and other personal details had been stolen.
"The privacy implications of this are very disturbing," Holden said Monday.
Car services buy software from Corporatecaronline and use it to streamline reservations, dispatching and payments. Owner Dan Leonard did not return a call to his company for comment Monday from The Associated Press.
Cybersecurity blogger Brian Krebs, working with Hold Security, first reported the hack on his website krebsonsecurity.com, including details dispatchers gave to drivers heading out to pick up celebrity passengers. For example, Krebs reported a chauffeur driving Tom Hanks to a Chicago restaurant for dinner was advised the client was a "VVIP" who required "No cell/radio use" by the driver.
A chauffeur meeting Latin American textile magnate Josue Christiano Gomes da Silva inside an airport luggage claim area with a printed sign was warned: "SUPER VIP CLIENT. EVERYTHING MUST BE PERFECT!"
Other customers include Donald Trump, who required a new car with a clear front seat; LeBron James, who was picked up at an entrance for athletes at a Las Vegas sports arena; and Colorado Sen. Mark Udall, who was traveling to Boston with golf clubs.
more
News from The Associated Press