Security blogger Brian Krebs may have found a seller of data from Target payment card breach

NEW YORK — The security blogger who broke the news about a massive breach of payment card data at Target stores may have identified someone who's been selling the data.

In his Krebs on Security blog, Brian Krebs identified a Ukrainian man as someone allegedly selling the credit and debit card data, though there was no evidence that the man was behind the theft itself.

Krebs found the man by combing through online forums where stolen payment card data are sold, such as rescator.la, kaddafi.hk and cheapdumps.org and finding their owner, who uses the nickname Rescator.

Target confirmed last week that about 40 million credit and debit cards were hacked between Nov. 27 and Dec. 15. Target has been working with federal authorities to investigate the matter, but according to the New York Times, JPMorgan Chase notified customers who had used its cards at Target stores while the breach occurred that it would limit them to cash withdrawals of $100 per day and purchases of $300 per day, a move that would affect about 2 million accounts.