Pierluigi Paganini
October 10, 2022
Operators behind the popular dark web carding market ‘BidenCash’ have released a dump of 1,221,551 credit cards to promote their underground payment card shop. Multiple security firms, noticed the promotional activity, but the news was first reported by threat intelligence firm Cyble and the Italian firm D3Lab.
It is a great gift to fraudsters that can download for free the dump and use it for fraudulent activities.
The announcement of the availability of the dataset consisting of over 1.2 million credit and debit cards information on a notorious cybercrime forum mainly hosting Russian and English-speaking Threat Actors.
The leaked data includes 1,221,551 credit and debit card records containing credit card number, expiry date, 3-digit card verification value (CVV), card holder’s name, associated bank name, full address, date of birth, email, and phone number. The database also includes the social security numbers for cardholders in the United States.
According to threat intelligence Cyble, the payment card data belong to cardholders across the globe including US, Canada, India, Bangladesh, Saudi Arabia, UAE, Indonesia, Malaysia, and Singapore.
“Our detailed statistical analysis revealed that American Express (US) is impacted the most. The top ten countries with affected consumers are the United States, India, Brazil, the United Kingdom, Mexico, Turkey, Spain, Italy, Australia, and China.” reads the analysis published by Cyble.
| BANK NAME | NO. OF CARDS LEAKED |
| AMERICAN EXPRESS, US | 150,663 |
| FISERV SOLUTIONS, LLC | 24,491 |
| WELLS FARGO BANK | 18,818 |
| THE FIFTH-THIRD BANK | 18,007 |
| ITAU UNIBANCO | 16,130 |
| U.S. BANK | 13,268 |
| BANK OF AMERICA | 11,173 |
| FIDELITY INFORMATION SERVICES, INC | 10,767 |
| JACK HENRY & ASSOCIATES | 10,553 |
| BARCLAYS BANK, US | 7,669 |
| COUNTRIES | NO. OF CARDS LEAKED |
| UNITED STATES | 676,899 |
| INDIA | 158,626 |
| BRAZIL | 60,890 |
| UNITED KINGDOM | 24,233 |
| MEXICO | 21,156 |
| TURKEY | 16,171 |
| SPAIN | 14,993 |
| ITALY | 13,391 |
| AUSTRALIA | 12,671 |
| CHINA | 12,664 |
Underground carding marketplaces are crucial components of the cybercrime ecosystem, they facilitate the sale and purchase of payment card data. One of the most popular carding site was Joker Stash, its operators retired in February 2021 and shut down their servers and destroyed the backups.
According to Forbes, the administrator has amassed a billion dollars worth of Bitcoin with its activity.
After the retirement, other carding websites such as ‘Ferum Shop’, ‘UAS’, and ‘Trump Dump’ gained popularity in the underground marketplace.
“Since that time, we saw a rise in the emergence of several new debit and credit card shops to fulfill the illicit demand for compromised payment cards.” continues Cyble.
‘BidenCash’ was launched in April 2022 and was considered a low-profile credit card shop. The ability of its operators to periodically release fresh dumps and promotional lots for free increased rapidly increased its popularity.
In June 2022, BidenCash released over 7.9 million payment card data dating from 2019 to 2022 on a cybercrime forum. However, the dump only contained 6,581 records exposing credit card numbers.
Stolen payment card data are usually obtained through web skimming attacks.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, BidenCash)
[adrotate banner=”5″]
[adrotate banner=”13″]
Hacking / September 27, 2023
