Thousands of celebrities including Tom Hanks, LeBron James and Donald Trump left exposed after limo firm to the stars is hacked

By James Nye

PUBLISHED: 02:10 EST, 5 November 2013 | UPDATED: 10:52 EST, 5 November 2013

An Internet security firm says a limousine software company has been hacked, exposing credit card numbers and potentially embarrassing details about close to 1 million customers, including film star Tom Hanks, basketball player LeBron James and real-estate mogul Donald Trump.

Alex Holden, chief information security officer of Milwaukee-based Hold Security, says he discovered the breach at Corporatecaronline more than a month ago.

He said he informed the owner of the Kirkwood, Missouri-based software company that customers’ credit card numbers, pickup and drop-off information, and other personal details had been stolen.

Compromised: The breach at Corporatecaronline revealed that a chauffeur driving Tom Hanks to a Chicago restaurant for dinner was advised the client was a 'VVIP' who required 'No cell/radio use' 

‘The privacy implications of this are very disturbing,’ Holden said Monday.

Car services buy software from Corporatecaronline and use it to streamline reservations, dispatching and payments.

Owner Dan Leonard did not return a call to his company for comment Monday from The Associated Press.

Cybersecurity blogger Brian Krebs, working with Hold Security, first reported the hack on his website krebsonsecurity.com, including details dispatchers gave to drivers heading out to pick up celebrity passengers.

Details: Other customers include Donald Trump, who required a new car with a clear front seat and LeBron James, (right) who was picked up at an entrance for athletes at a Las Vegas sports arena

For example, Krebs reported a chauffeur driving Tom Hanks to a Chicago restaurant for dinner was advised the client was a ‘VVIP’ who required ‘No cell/radio use’ by the driver.

A chauffeur meeting Latin American textile magnate Josue Christiano Gomes da Silva inside an airport luggage claim area with a printed sign was warned: ‘SUPER VIP CLIENT. EVERYTHING MUST BE PERFECT!’

Other customers include Donald Trump, who required a new car with a clear front seat; LeBron James, who was picked up at an entrance for athletes at a Las Vegas sports arena; and Colorado Sen. Mark Udall, who was traveling to Boston with golf clubs.

The stolen files also include records about what took place in the vehicles, including sex, vomiting and smoking marijuana, Krebs reports.

Breached: Alex Holden, chief information security officer of Milwaukee-based Hold Security, says he discovered the breach at Corporatecaronline more than a month ago 

Rep. John Conyers, D-Mich., whose data was among those breached, declined to comment Monday. But his spokesman Andrew Schreiber said he was appreciative that the matter was brought to his attention.

Other members of Congress also said they were uninformed.

‘This is the first we have heard about this. We were never notified, but we are looking into the claim,’ said Leslie Shedd, spokeswoman for Rep. Lynn Westmoreland, R-Ga.

Holden said he found the information from Corporatecaronline customers stored on the same computer server where he earlier found stolen usernames and passwords from PR Newswire, Adobe Systems and about 100 other firms.

He said most firms took immediate action when informed; Adobe and PR Newswire went public when they learned of the breaches, warning millions of customers affected.

Holden declined to name dozens of other companies whose customers’ data also appeared to have been hacked.

‘If we start mentioning the names, there might be widespread panic,’ he said, noting that those companies are trying to deal with the breaches. But Holden said he was concerned that Corporatecaronline was failing to act, and that he contacted credit card companies himself.

U.S. Congressman representing Michigan's 13th District Rep. John Conyers, Jr. was among those whose data was hacked 

Corporatecaronline’s website boasts of robust data protection. ‘The only point of access to the servers is through our firewall, which is managed by our data center, 24/7, 365 days a year,’ it says.

But Jonathan Mayer, a cybersecurity fellow at the Center for International Security and Cooperation at Stanford University, did some poking Monday and found the website runs on outdated software prone to vulnerabilities.

He said it has code dating back to Macromedia, which was acquired by Adobe nearly eight years ago; Internet Explorer 4, which rolled out in 1997; and 13-year-old Netscape 6.

‘The point here is that you don’t have to be a big target to be at risk online anymore,’ Mayer said. ‘This is the new normal, and it underscores the need for improving the regulatory framework.’

The FBI did not immediately return a call seeking comment.

Cybersecurity firm McAfee’s chief technology officer Raj Samani said Monday the hack underscores how vulnerable customers can be, even if they’re trying to use complex passwords and take precautions with their privacy.

‘You can do anything you want, but in many cases you entrust your data with multiple third parties, and it’s out of your hands,’ he said.
