> >

olive garden

 

Comments

Personality analysis

I started a new category called creditcard for what appears to be credit card numbers. This one might be Visa.

Max_Evil 19:01 25 Aug 06

I will run a regex query across the DB and search for 16 digit patterns.

There is an algorithm to check credit cards:

http://www.merriampark.com/anatomycc.htm
more info:
http://www.beachnet.com/~hstiles/cardtype.html

It wouldn't be too hard to run the algorithm against all the supposed credit card numbers found.

Probably there is some free program that can do it.

I hope that these credit cards have been cancelled already! Maybe we should send them to the credit card companys to have them cancelled first (if they have not already done this research themselves?) There has been a fair bit of publicity about credit cards in the AOL database so I hope they have done so.

Max_Evil 19:18 25 Aug 06

I found a better one here: http://www.boost.org/libs/regex/doc/introduction.html, it's '\\d{3,4}[- ]?\\d{4}[- ]?\\d{4}[- ]?\\d{4}'

Now the query is running, in couple of minutes I will post results here:)

Do you have any more ideas what to mine the DB for?

Max_Evil 19:24 25 Aug 06

Finished! Got 1917 results, see them under 'creditcard' tag (http://www.aolpsycho.com/tag/675/creditcard). Not all are interesting... Let's see.

That's the regexp but the links I gave do an additional mathematical check called Luhn for validity.
There's an online one here:

http://javascript.internet.com/forms/val-credit-card.html

The number here is a Visa card that passes the Luhn check.

Max_Evil 19:35 25 Aug 06

Ok, I'll try to implement it in ruby and run through the dataset.

I suggest adding social security numbers.

Max_Evil 20:32 25 Aug 06

Well, I have run the suggested algorithm and filtered out 1508 users, whose queries did not pass Luhn check. So now we can believe that there are 411 users in the DB with leaked credit card numbers :-\ See http://www.aolpsycho.com/tag/675/creditcard

Max_Evil 20:34 25 Aug 06

Anonymous, can you give me a regex or algorithm to find SSNs?:)

There is no algorithm for SSNs but most people include the hyphens.