Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Aussie payment data among 1.2m credit card details leaked on dark web

To promote their dark web stolen credit cards marketplace, malicious actors BidenCash have leaked 1,221,551 credit card details available for hackers to access and download for free.

user icon Nastasha Tupas
Thu, 13 Oct 2022
Aussie payment data among 1.2m credit card details leaked on dark web
expand image

The dark web database of credit card information published by BidenCash reportedly includes more than 12,000 from Australia, according to Cyble's Research and Intelligence Labs.

BidenCash is a stolen cards marketplace which launched in June 2022, which has announced the stolen payment details is a promotional move, similar to the "All World Cards" leak in August 2021.

The malicious cyber actors have touted the leak as a "special event offer" that had been spotted by Italian security researchers at D3Lab, who monitors carding sites on the dark web.

============
============

The credit card dump announcement was made on new URLs, which BidenCash launched late last month in response to DDoS (distributed denial of service) attacks. Security analysts suspect this could be a way to promote the new shop domains. The cards impacted are mostly VISA, Mastercard and American Express cards.


The dump of 1.2 million credit cards includes the following credit card and associated personal information:

  • Card number
  • Expiration date
  • CVV number
  • Holder’s name
  • Bank name
  • Card type, status, and class
  • Holder’s address, state, and ZIP
  • Email address
  • SSN
  • Phone number

According to a BleepingComputer report, the details listed are not available for all 1.2 million records, but most entries contain over 70 per cent of the data types.

Security analysts believe the card details were stolen by web-skimmers, malicious code designed to infect hacked websites and e-commerce sites built to steal submitted credit card and customer information. The practice, otherwise known as "carding", is the trafficking and use of credit cards stolen through point-of-sale malware, magecart attacks on websites, or information-stealing malware.

Cyble's Research and Intelligence Labs also noticed the BidenCash debit and credit card data "giveaway" during a routine monitoring exercise.

Based on Cyble's analysis, the top 10 impacted countries are:

  • United States – 676,899
  • India 158,626
  • Brazil 60,890
  • United Kingdom 24,233
  • Mexico 21,156
  • Turkey 16,171
  • Spain 14,993
  • Italy 13,391
  • Australia 12,671
  • China 12,664

Cyble researchers have noted that the credit and debit cards data published by BidenCash shop is "one of the largest leaks of its kind" on any of the cyber crime or underground forums recently.

"Our detailed statistical analysis revealed that American Express (US) is impacted the most.

"The top 50 countries with affected consumers are the US, India, Brazil, the UK, Mexico, Turkey, Spain, Italy, Australia, and China," Cyble added.

Banking organisations and financial institutions should maintain a dynamic monitoring process for payment card transactions, Cyble researchers suggest, in order to detect and mitigate fraud against consumers.

"We have observed many threat actors that drive fraudulent transactions and purchases using compromised payment cards.

"The impacted consumers may face an increased risk of financial fraud due to the leaked information," Cyble researchers said.

[Related: Electric vehicle charging a cyber risk to the national energy grid]

Nastasha Tupas

Nastasha Tupas

Nastasha is a Journalist at Momentum Media, she reports extensively across veterans affairs, cyber security and geopolitics in the Indo-Pacific. She is a co-author of a book titled The Stories Women Journalists Tell, published by Penguin Random House. Previously, she was a Content Producer at Verizon Media, a Digital Producer for Yahoo! and Channel 7, a Digital Journalist at Sky News Australia, as well as a Website Manager and Digital Producer at SBS Australia. Nastasha started her career in media as a Video Producer and Digital News Presenter at News Corp Australia.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.