As I wrote about the other day, service providers look like they are the new target of opportunity for hackers.
Until the other day, PNI Digital Media, owned by Staples, ran kiosks in places like CVS, Walmart and Costco, where people could print their digital pictures.
The place on their web site has now removed those customer names, although the Internet never forgets – copies of the old version of the page have been archived.
CVSPhoto has a notice on their web site that they shut down their photo site due to a compromise at their vendor.
Walmart Canada made a similar statement last week regarding the same issue.
So does Costco – and Tesco’s site says that the site is down for maintenance. Rite Aid said that information was compromised, but PNI doesn’t process their credit cards, so it is other personal information.
You may see similar announcements in the near future from Sam’s Club and Walgreens.
And who knows what other, smaller, clients they have.
So here is the new model:
- Find an outsource provider
- Hack them
- Get information from many, many companies.
- Rinse and repeat with the next vendor
Since this model seems to be succeeding at the moment, expect to see it again. Rinse and repeat.
Information for this post came from KrebsOnSecurity.