Moonpig username/passwords: not exposed by API. CC details: not exposed by API. Some details were exposed. Poss ID fraud, but tricky.
@charlesarthur @parsingphase You could match to an existing database of stolen credit card numbers.
-
-
@bazzacollins@parsingphase in which case they already have the CC numbers. That's a circular argument. -
@charlesarthur@parsingphase Not really. It potentially allows thieves to pair numbers with other required details. -
@bazzacollins@parsingphase I'm very doubtful they wouldn't already have the name/expiry details in such a database.
End of conversation
New conversation -
-
-
@bazzacollins@charlesarthur Also you can often guess first 4 chars, add last 4 chars, and you've massively reduced # of Luhn numbers to try -
@parsingphase@bazzacollins and then you only need the 3-digit code. Oh, damn, that's not in the API either. -
@charlesarthur@bazzacollins Not all retailers use CVV. Notoriously, not Amazon. -
@parsingphase@charlesarthur@bazzacollins …but does subsequently result in financial loss -
@nevali@parsingphase@charlesarthur ID theft thrives on the piecing together of different sources of data. Ask CC fraud investigators. -
@bazzacollins@nevali@parsingphase indeed. Wonder if Moonpig recorded API call numbers.
End of conversation
New conversation -
-
-
@bazzacollins@charlesarthur Or "Hi$name, your card ending $last4 has expired. Please log into $phishinglink to update it, love Moonpig". - End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.