World

SQL Injection: Albert Gonzalez Steals 130M Credit Card Numbers

by Annina Bergman | August 17, 2009 at 12:53 pm

2027 views | 4 Recommendations | 3 comments

Albert Gonzales, 28, is charged with the largest case of credit and debit card theft in US history. Gonzales, from Miami, Florida, is already in jail for hacking into the databases of retail stores and stealing their client information. He has been working as an informant to the Secret Service since he was first arrested in 2003, but has still managed to pull off the biggest identity theft ever, using an SQL injection attack.

Gonzales worked with ten others to steal around 130 million card numbers from Fortune 500 companies by identifying security vulnerabilities in their websites. They then proceeded with selling the information they found.

Albert Gonzales faces up to 20 years in jail if found guilty of the new charges.

Mr Gonzales used a complicated technique known as an "SQL injection attack" to carry out the theft, the US Department of Justice alleged.

0 See all footage | View Slideshow

Share: email story | add to any | | facebook | stumbleupon

recommend This comment thread is now closed

alia_d

at 13:14 on August 17th, 2009

Wow. That is a lot of credit card numbers!

Jordan Yerman

at 14:52 on August 17th, 2009

The database exploit known as SQL injection is the weapon of choice for hacking the databases of social networking sites... which are even more heavily favored by hackers than government sites.

Jeremiah Grossman, chief technology officer of WhiteHat Security, and a contributor to Web Application Security Consortiums' WHID told SCMagazineUS.com on Monday that social networking sites are targeted so often because they have such large user-bases.