Credit card numbers from as many as 5 million Sonic Drive-In customers may have been swiped in what security experts are calling one of the largest-ever data hackings.
Sonic acknowledged the breach after KrebsOnSecurity.com, a data-security website, had undercover affiliates buy working card numbers on a “dark web” site called Joker’s Stash. The numbers the proxies agreed to buy had all been recently used at Sonics.
The prices ranged from $25 to $50, depending on such variables as type of card and the cap on expenditures.
Sonic said it was still investigating the extent of the breach, working with third-party authorities. It noted that it was limited by the officials as to what it could say.
The 3,527-unit chain had yet to post anything about a breach on its website.