Here’s a great example of the perils in trying to report on hacks or breaches disclosed on Twitter or Pastebin.
A hacker who self-identified as Reckz0r initially claimed to have hacked Visa and MasterCard and to have dumped 50GB worth of data (without credit card numbers).
I had my doubts, and wasn’t surprised to read later that Visa had cast doubt on the claims, noting that they do not collect or store some of the data types the hacker had disclosed. A reporter also reported that the data might be old data, as one of the individuals whose data were dumped said that he hadn’t lived at that address in over seven years. MasterCard would also eventually deny the claim.
Ultimately, the hacker retracted his claim and said that he had obtained the data from 79 banks, but not from Visa and MasterCard directly.
Even then, the controversy continued, as it would still be newsworthy if 79 banks were just hacked over the last three months. But another individual tweeted that what Reckz0r dumped was spoils from others’ hacks.
So what’s the real news story here? I have no idea. But this is a useful example of why I sometimes don’t rush to post a breach on this blog until I see confirmation or additional information to support it.