Cybercriminals steal Bebe Stores customers' credit and debit card details
It's looking like the latest store to fall victim to cybercriminals is women's clothing chain Bebe Stores. Signs of the problem emerged earlier this week when fraudulent charges started to crop up on people's credit cards. What linked each of the victims was the fact that they had shopped in Bebe Stores.
KrebsOnSecurity reports that stolen customer details have been made available for sale on the "cybercrime shop" Goodshop. The timing is interesting as the data seems to have been put up for sale immediately after Black Friday and Cyber Monday -- a period when sales are much higher than normal.
An East Coast bank bought card data from Goodshop and found that they had all been used in Bebe Stores between 18 and 28 November. KrebsOnSecurity points out that what is available to buy "are not cards, per se, but instead data copied from the magnetic stripe on the backs of credit cards".
It's not yet clear quite how many people have been affected by the security breach, nor is it known exactly how the data was obtained. It's possible that malware was used to infect point of sale terminals, but this is yet to be confirmed. There is no suggestion that the Bebe Stores' website has been compromised. Customers whose credit cards have been comprised will have the guarantee of their credit card company to fall back on, but the news is not necessarily as good in the case of debit cards.