
Sonic Drive-In, a fast-food chain with an estimated 3,600 branches across 45 states in the U.S., has confirmed that it has suffered a breach in its store payment systems. According to an investigation by KrebsOnSecurity, the ongoing breach may have led to the sale of millions of credit and debit card accounts through cybercrime stores.

How it happened

The breach was discovered when Krebs heard from multiple financial institutions about a pattern of fraudulent transactions on cards. All the cards involved in the fraudulent transactions had previously been used for purchases at Sonic. After hearing this, Krebs directly alerted banks to a recent addition of 5 million credit and debit card accounts put up for sale on September 18 in a credit card theft bazaar called Joker’s Stash.

To investigate further, unnamed sources agreed to purchase batches of the accounts. True enough, the accounts had recently been used at Sonic locations. With the breach confirmed, Krebs directly contacted Sonic, who replied promptly that they were already investigating “a potential incident.”
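The pattern the banks noticed, fraud-reported cards that all share one earlier merchant, is what issuers call common point-of-purchase analysis. The sketch below is an added example, not code from the article or from KrebsOnSecurity; the card IDs, merchant names and the min_cards threshold are constructed assumptions. It ranks merchants by how much more often they appear on fraud-reported cards than on clean ones, so a store everyone visits does not outrank the breached one.

```python
from collections import defaultdict

# Constructed sample data (not from the article): (card_id, merchant) purchases
# seen by an issuer over the look-back window. Merchant names are placeholders.
TRANSACTIONS = [
    ("c1", "Grocery B"), ("c2", "Grocery B"), ("c3", "Grocery B"), ("c4", "Grocery B"),
    ("c5", "Grocery B"), ("c6", "Grocery B"), ("c7", "Grocery B"), ("c8", "Grocery B"),
    ("c1", "Drive-In A"), ("c2", "Drive-In A"), ("c3", "Drive-In A"),
    ("c4", "Drive-In A"), ("c5", "Drive-In A"),
    ("c1", "Gas C"), ("c6", "Gas C"), ("c7", "Gas C"),
]
# Constructed: cards whose holders later reported fraudulent charges.
FRAUD_CARDS = {"c1", "c2", "c3", "c4"}


def common_points_of_purchase(transactions, fraud_cards, min_cards=3):
    """Rank merchants by over-representation among fraud-reported cards.

    Returns (merchant, fraud_share, clean_share) tuples, best candidate first.
    """
    cards_by_merchant = defaultdict(set)
    for card, merchant in transactions:
        cards_by_merchant[merchant].add(card)
    all_cards = set().union(*cards_by_merchant.values()) if cards_by_merchant else set()
    fraud = fraud_cards & all_cards
    clean = all_cards - fraud
    if not fraud:
        return []  # nothing to correlate yet
    ranked = []
    for merchant, cards in cards_by_merchant.items():
        hits = cards & fraud
        if len(hits) < min_cards:
            continue  # too few fraud cards to call it a pattern
        fraud_share = len(hits) / len(fraud)
        clean_share = len(cards & clean) / len(clean) if clean else 0.0
        ranked.append((merchant, fraud_share, clean_share))
    # Sort by the gap between the two shares, largest first.
    ranked.sort(key=lambda r: r[1] - r[2], reverse=True)
    return ranked


if __name__ == "__main__":
    for merchant, f, c in common_points_of_purchase(TRANSACTIONS, FRAUD_CARDS):
        print(f"{merchant}: {f:.0%} of fraud cards, {c:.0%} of clean cards")
```
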

“Our credit card processor informed us last week of unusual activity regarding credit cards used at SONIC,” reads a statement the company issued to KrebsOnSecurity. “The security of our guests’ information is very important to SONIC. We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”

Although it’s unconfirmed how the credit card data were stolen, one of the ways hackers steal these types of data is by remotely accessing point-of-sale systems and then injecting malicious software that copies the account data stored on the cards’ magnetic stripe. With the data stolen, they can easily clone the cards and use them to purchase merchandise from stores that accept credit card payments.

This type of breach is not new, as the case of Wendy’s shows. The Wendy’s breach affected thousands of customers and persisted for almost nine months before it was stopped. A big contributor to the Wendy’s breach was the fact that most of their branches were franchises rather than corporate-owned, resulting in them using third-party point-of-sale vendors for their payment card systems. Frighteningly, according to Sonic’s Wikipedia page, almost 90% of their branches are franchise-owned, which opens the possibility that the same weakness seen at Wendy’s might have been abused again.

How Joker’s Stash sells the credit cards

Joker’s Stash sells the credit and debit accounts for $25-$50 each, depending on factors such as the type of card issued (Visa, MasterCard, etc.), the card’s level (classic, standard, signature, gold, platinum, etc.), whether it is a credit or debit card, and the issuing bank.

The cards have been indexed by city, state, and ZIP code, and buyers can only buy the cards indexed near where they live. This geographic specificity is used to bypass banks’ common anti-fraud defenses, which block cards that log out-of-state transactions.

Is my card breached? What do I do?

The investigation led by Sonic and the law enforcement agencies is currently in the early stages, and it is not yet known which locations and cards were breached. However, if your bank offers it, you should replace your credit or debit card with a chip-based card. These chip-based cards are more expensive and difficult to counterfeit, which discourages criminals. Hackers are usually more attracted to non-chipped cards, and to retailers that accept them, as these are very easy to counterfeit and hack.


Unfortunately, credit and debit cards are not the only ones vulnerable to being breached and hacked. Your online accounts like Facebook, Twitter, and LinkedIn are also prime targets for hackers. In fact, a lot of breaches on online accounts have happened in the past few years without you noticing. Scan your email with LoginAlarm and know if your accounts are breached. Get your free scan here.




2020 LoginAlarm. All rights reserved
