Contrary to the claims of an unknown hacker group, initially issuing themselves as Anonymous hacker, no credit card information has been stolen from CyberGhost’s servers and published. The reason is obvious: CyberGhost itself handles no payments and therefore has no access to credentials or has any infrastructure to save it. Accordingly, the published list only contains a rather lame collection of expired serial numbers from past promotions …
At Christmas, a group of anonymous hackers filled the headlines, presenting a Sony hack and, later on, asserted via Twitter, to have hacked various companies and stolen their customer data, including UbiSoft, VCC, Brazzers, UFC TV, XBL Gamers, Twitch TV, Amazon, Hulu Plus, Dell, Walmart , EA Games, and, ultimately, CyberGhostVPN. Initially known as ‘Anonymous’, then as ‘Lizard Squad’, the group seemed to have access to different companies and collected a list of over 13,000 accounts on Amazon, Playstation, Xbox Live, Hulu Plus, Walmart and other retailers as well as entertainment and adult platforms. The list includes credit card numbers, security codes and expiration dates. As a little extra, the hacker also published a copy of the controversial Kim de Jong lampoon movie ’The Interview’.
Of course we can’t say anything about the truth of the allegations regarding the other affected companies, this is still to be reviewed, but as far as CyberGhost is concerned, we can give the all clear. CyberGhost itself does not accept payments and therefore has no data collection of credentials or else. In fact CyberGhost relies for payment processing on the e-commerce company cleverbridge – whose name is not on the list.
So what exactly has being published then, if not credit card data? Well, a series of expired serial numbers for CyberGhost subscriptions, grabbed at earlier campaigns and other promotions, plus some occasional license keys from recent actions (which were disabled during the last few days). So the purpose of the publication is rather unknown; it neither proves the existence of a vulnerability nor does it benefit someone.