One technique is to store another string (a pepper) outside of the database (assuming the salt is stored with the records) which is used along with the salt to encrypt each password. This way, if only the database is compromised, and not the config file or env variable holding the pepper, you're in better shape.
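The pepper scheme from the comment above, as an added example that is not part of the original thread: the per-user salt is stored in the record, while the pepper is read from the environment and never written to the database. The variable name `PASSWORD_PEPPER`, the function names, the HMAC-then-PBKDF2 construction and the iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # assumed work factor for this example


def load_pepper() -> bytes:
    # Assumption: the pepper lives in an env variable (hypothetical name),
    # so a dump of the database alone does not reveal it.
    value = os.environ.get("PASSWORD_PEPPER")
    if not value:
        raise RuntimeError("PASSWORD_PEPPER is not set")
    return value.encode()


def _derive(password: str, salt: bytes, pepper: bytes) -> bytes:
    # Key the password with the pepper, then run a slow salted KDF on the result.
    keyed = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, PBKDF2_ROUNDS)


def make_record(password: str, pepper: bytes) -> dict:
    # Only the salt and the derived hash go into the database row.
    salt = os.urandom(16)
    return {"salt": salt.hex(), "hash": _derive(password, salt, pepper).hex()}


def verify(password: str, record: dict, pepper: bytes) -> bool:
    salt = bytes.fromhex(record["salt"])
    candidate = _derive(password, salt, pepper)
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    pepper = b"constructed-demo-pepper"  # constructed value, not a real secret
    row = make_record("correct horse", pepper)
    print("columns stored in DB:", sorted(row))
    print("right password, right pepper:", verify("correct horse", row, pepper))
    # With only the row and no pepper, even the correct guess cannot be confirmed.
    print("right password, wrong pepper:", verify("correct horse", row, b"guess"))
```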
Although they theoretically could have, a lot of these hacks are done via SQL Injection, which is a step below having direct access to the machines. You can often leverage SQL injection further to do just that, but it takes more work/luck/skill than just dumping the DB. So it's not a given that they got filesystem access, but we shouldn't assume that they didn't either.
The keys generally aren't kept anywhere. In fact, the encryption keys for a company Valve's size should be split among multiple key company officials. The idea being, you should be able to steal the box that contains the credit card data and/or the machine that does the actual encryption and not have access to the keys (which, technically, aren't stored anywhere).