A hacker claiming to have broken into networks of dozens of banks and stolen customer data, has released as proof a file that contains names, addresses, e-mail addresses, and phone numbers in plain text, but no credit card numbers.
"I penetrated over 79 large banks, I've been targetting these banks since 3 months," read a tweet from the Twitter account of Reckz0r. "Actually, I didn't hacked VISA & Mastercard, I hacked the banks, #Chase..etc."
A Pastebin post from today has a link to a downloadable file on the AnonFiles.com site that appears to have data from about 1,700 accounts in the U.S. and other cities around the world. Reckz0r said only a portion of the credit card information is being leaked because there is just too much of it, and that the credit card numbers are being withheld. Reports in Dutch media referred to 50 gigabytes of data and 113 pages.
Reckz0r is a self-proclaimed "Greyhat" hacker who has "no special talents. I am only passionately curious," according to the Twitter profile.
The data dump comes less than a week after the hacker claimed to be retiring to become a Whitehat hacker. In a separate Pastebin post from last Tuesday, the hacker claimed to be to retiring from hacking for fun and will use "intelligence for good" instead. Reckz0r claims to be a former member of the online activist collective Anonymous and a group called "UGNazi," and to have formed "SpexSecurity," which took credit last week for posting passports and visa information for suspected terrorists.
Reckz0r also apologized to the victims of the hacks in that post. "I've done over 50 large hacks, and leaked many essential information, I am sorry if I harmed you, or affected your families," the hacker writes. "This is my departure from the hacking scene. I am no-longer a hacker, I'm a whitehat."
In an interview with Death and Taxes Magazine last week, Reckz0r claimed to not be bluffing with the retirement news and said "I want people to be able to sleep at night..."
Update, June 19, 1:35 p.m. PT: Several readers have e-mailed to report that the data dump appears to have been posted previously to a different hacker site, while a hacker posting from the @OfficialComrade Twitter account claims the data was previously posted to an altogether different site, suggesting it has been recycled. It is unclear who stole the data and where it came from, as is the case with many data dumps in the hacker community.
Thanks to Adam O'Donnell at Sourcefire for help with research.