security: does router needs to be updated?

[RSC]

My CC was recently hacked. I am using the default router rented by Sonic - model 4111N -
loaned to me 1.8 years ago. From a security standpoint, how important it is for the router
to be updated? If I need to do something, then can you point me to a wiki page/forum post that
explain how? Or do the router auto update?

Thank in advanced for your help

RSC

[parker_day]

It's much more likely that your credit card number was compromised when you swiped it somewhere. I had a card compromised that I had only used one time (via a gas station pump in San Francisco) and had never used for an online purchase. Excuse the hyperbolic video but it has some good examples of skimming: https://www.youtube.com/watch?v=G_aH50Tn8Fo

About your Sonic supplied 4111N, it is managed by Sonic. You should be receiving security updates automatically.

[dane]

Bingo.

Router that are not updated are really an issue across the internet, and this is one reason Sonic takes responsibility for managing and remotely updating this equipment, as part of our end-to-end plan. From WiFi on your couch to the household wiring to the router security and internet connection, the goal is to take care of all of that for you.

[RSC]

Thank you for responding. I asked because my geeky brother-in-law always updating his router. I'm glad that
Sonic is doing it.

This was my online card. Also, security on Window OS machines is a joke - I use linux-based OS. Most likely one
of merchants I used got hacked.

RSC

[virtualmike]

I work for a City, where certain employees are issued cards to use for City business. We've actually had several incidents where cards had charges on them even before the employees received them!

Apparently, the crooks have been able to figure out the card numbers and likely expiration dates, and they use the cards in swipe machines, which don't have the encryption used by the chip.

[racerlupine]

The first 8 digits on a card identify the bank and issuer. I wonder if you could just brute-force some working card numbers and expiry dates and fill in some other info afterward. I wonder if that's how those city cards were compromised. Or maybe it was just common-or-garden identity theft at the top of the chain.

RACER

[virtualmike]

Actually, first 6 digits identify the issuer. Next 6 digits are the individual's account number. Last 4 digits are a checksum of the previous 12 digits. One can find any number of checksum generators online.

Thus, if you know the 6 digits for the card issuer, you can make an educated guess on the next 6, and use a generator to calculate the remaining 4. Make a similar educated guess for the expiration date.