The dark web marketplace BidenCash has leaked a database that contains 2,165,700 debit and credit cards for its first anniversary. The millions of information revealed were even advertised to celebrate the marketplace's first anniversary.
The Leak is Free for All
BidenCash's celebratory announcement stated that they were thrilled to have reached their first anniversary as an online store. It thanked its customers for choosing its store and trusting them to provide "quality products and excellent service."
The massive number of payment cards released was comprised of at least 740,858 credit cards, 811,676 debit cards, and 293 charge cards. Although some were duplicates, that still leaves 2,141,564 unique cards, says D3Lab Head of Threat Intelligence, Andrea Draghetti.
Along with the cards within the dataset were names, emails, phone numbers, and addresses. Card information such as CVV codes and the cards' expiration dates which go up to 2052 was also included, as mentioned in Bleeping Computer.
Aside from the risk of having payment card information exposed to the public, there's also the threat of phishing scams given that around 497,000 unique email addresses were leaked, which totals 28,000 unique email domains, Draghetti mentioned.
Although the validity of the leaked cards is yet to be confirmed, there are still a number of scams that cybercriminals can use the information for like identity theft and other scams, even after the credit and debit cards expires.
Around 30% of the randomly picked credit cards were analyzed by D3Lab at the time, and it turned out to be usable, which means cybercriminals or fraudsters are fully capable of using them.
Affected Cards
Cyble analyzed the leaked records and release a breakdown of the number of cards in each country and bank, which is as follows:
Countries:
United States: 965,846
Mexico: 97,665
China: 97,003
United Kingdom: 86,313
Canada: 36,906
India: 36,672
Italy: 23,009
South Africa: 22,798
Australia: 21,361
Brazil: 19,700
Banks:
Chase Bank USA, N.A.:
- 118,826
Bank of America, N.A.:
- 98,631
Wells Fargo Bank, N.A.:
- 62,650
Capital One Bank (USA), National Association:
- 50,832
Citibank, N.A.:
- 47,851
Bank of America, National Association:
- 35,249
BBVA Bancomer, S.A.:
- 28,296
Capital One Bank (USA), N.A.:
- 27,192
Others:
- 1,696,173
Carding Market
BidenCash is in the business of carding, which is a term for a type of credit card fraud where the card is used to charge prepaid cards, making them virtually untraceable so cyber criminals can perform fraudulent acts undetected.
As mentioned in the Payments Journal, there are two types of carding in the market. Either the card information such as the cardholder's name, the card number, and the expiration date is given in text format, or card dumps that hold information from the card's magnetic stripes.
BidenCash is able to steal sensitive information through two methods. First is data-stealing malware, which can be found all over the web and can be installed if the user is not careful, and then there's point-of-sale devices.
