WHID 2007-89: The big TJX hack
Update (January 12th 2009) An Ukrainian hacker who who was a member of the TJX hack ring was sentenced to 30 years in jail by a Turkish court. According to investigation papers Maksym Yastremskiy made approximately 11 million dollars from the hack!
The TJX breach is one of most publicized hacking incident in recent years. However, until now it was not part of the Web Hacking Incidents Database. And for a good reason: early report described the hack as a war driving hack, in which the attackers drive around and find a wireless network not properly secured.
However new information from the trial of the identity theft ring leader Albert Gonzalez, reveals that in order to penetrate TJX data center from the captured end points, the hackers employed different techniques including password sniffing and SQL injection. The later justifies getting the TJX incident for the 1st time into WHID.
Additional information:
- Network World, June 8th 2008
