Posted on August 21, 2021 at 10:21 AM
A million stolen credit cards emerge on the dark web as part of the hackers’ marketing campaign
A massive new development saw the publishing of one million stolen credit cards completely for free in a new hacking campaign called ‘a promotion of unprecedented generosity.’ Essentially, online criminals have been trying to promote a new criminal marketplace, and they did so by releasing information about a million credit cards to anyone willing to misuse them.
The report regarding the new incident came from D3Labs, an Italian cybersecurity firm that recently discovered a new dark web carding site run by online criminals. The site is known as AllWorld[.]cards, and it was launched only a few months ago, in early May 2021.
A few weeks later, in early June, the promotion of the new carding site kicked off, as reported by another cybersecurity company, Cyble. As for D3Labs’ report, it indicates that hackers are publishing credit card data in order to attract other cybercriminals. This functions as an invitation to come and buy more stolen information. Of course, if one million stolen credit cards is only an invitation, then the actual amount of stolen content available for purchase must be massive in size.
Details about the stolen cards
The platform has grown massive in size already, and recent reports show that it has over 2.5 million stolen credit cards. The cards can be bought at a price between $0.30 and $14.40 per piece. According to what is known, more than 1.1 million available cards have been stolen from US users. Most of the cards, however, were stolen between 2018 and 2019, meaning that it is very difficult to determine how many of them may still be active.
The threat actor claims that 27% still work, while Cyble seems confident that that percentage is even lower — around 20%. D3Labs’ assessment is that 50% of the cards have not been compromised, so the situation might be better than originally believed. Even so, this is a massive undertaking that is going to affect hundreds of thousands of people from all over the world.
The stolen cards can expose a lot of sensitive data, such as credit card numbers, expiration dates, CVV numbers, personal information such as names, email addresses, phone numbers, and even countries, states, cities, addresses, and even zip codes. All of this info can be used against people by online criminals, and it is likely that it is already happening on a major scale.
Most of the cards have, of course, been issued by Visa (nearly 49%) and Mastercard (almost 48%), but a portion was issued by other providers, including Rupay (~2%), Amex (~1%) and Discover (~1%). Furthermore, more than 76% of the published cards were not actually credit, but debit cards. But, almost all of the stolen credit cards (98.09%) had a real BIN, that was or still is associated with the issuer.
Cyble’s report also revealed that the cards come from a variety of banks, including Banco Santander, JPMorgan Chase, the State Bank of India, BBVA Bancomer S.A., and the Commonwealth Bank of Australia. The highest number of victims is from India — around 20% — while the others are from Mexico and US (both 9%), Australia (8%), Brazil and South Africa (both 7%), followed by the UK (4%), and more.
How did the hackers get the card data?
Uriel Maimon, PerimeterX’s senior director of emerging technologies, warned that this is an extremely dangerous issue that can and likely will impact consumers in a very serious way. Hackers are likely using bots to test the stolen cards’ details on various merchant sites, and those that prove to be valid and operational get the funds retrieved from any associated account, or they engage in purchasing gift cards in order to convert them into valuable goods, most commonly computers, phones, and TVs.
After that, the products are sold via anonymity-friendly eCommerce websites, allowing criminals to make a profit. This makes it more important than ever for the affected banks’ users to keep a close eye on their records and check their bank statements. It is imperative to immediately report any unknown transactions and help the authorities uncover any suspicious activity.