Hackers Steal Info About LeBron James, Donald Trump, Lawmakers From Car Service Site

A company that handles car service and limo reservations for the rich and famous has found itself the victim of a massive hack that exposed information, including some high-limit and no-limit credit card numbers, for 850,000 clients, including some of the world’s wealthiest athletes, business executives, and influential lawmakers.

Brian Krebs from KrebsOnSecurity.com — the same guy that pointed out to Adobe that it had been the victim of a massive data hack — says he found the stolen data for the Missouri-based company on the same server where hackers had stashed the boosted Adobe information. He reports that he attempted to alert the company several times over the course of two weeks until its owner finally spoke to him on the phone, only to say, “I’d prefer not to talk to anybody about that.”

According to Krebs, the plain-text archive stashed on the server contained credit card numbers for 850,000 customers, along with expiration dates, names, and addresses, and notes about particular clients’ needs and requirements.

Of these compromised accounts, 241,000 were high- or no-limit American Express accounts, meaning an ID thief could probably have one heck of a party on someone else’s tab.

Beyond the financial gain that could be reaped from harvesting all these credit card numbers, Krebs points out that the data could be used as part of a larger, overall attack on any of the company’s clients, as the notes contain rather sensitive information like phone numbers, travel details, tail numbers of customers’ private planes — the kind of details that come in handy when practicing a bit of corporate espionage.

He gives the example of Kevin Mandia, CEO of cyber-security firm Mandiant. His info, along with others working for Mandia, was found in the hacked database, and last month he admitted to Foreign Policy magazine that he’d been the victim of a cyber attack via bogus limousine invoices that contained booby-trapped PDFs. It’s possible this is just a coincidence, but this is precisely the kind of attack someone could undertake with the information stolen from the car service website.

Among the celebrities whose information has been compromised by the hack — LeBron James, Tom Hanks, Donald Trump, Aaron “Discount Double Check” Rodgers, House Judiciary Committee Chairman Rep. John Conyers, Sen. Mark Udall of Colorado, the current and former CEOs of LEGO, and execs from Morgan Stanley and Boeing.

There’s also the anecdote about the unnamed MTV client who returned a Hummer limo covered from floor to ceiling in cheese slices, except for the spot where someone left their sex toy behind.