Payment Card Information of Two Million Users Leaked by Dark Web Marketplace BidenCash
To mark its first anniversary, the carding platform BidenCash has released a free database containing 21,65,700 credit and debit cards on the internet.
While legitimate businesses celebrate their birthdays by offering discounts, cybercriminals like BidenCash mark their anniversaries by distributing stolen goods, as evident by their recent announcement of giving away credit card data.
The information that has been leaked consists of the complete names of the cardholders, along with their card numbers, bank information, expiry dates, and the card verification value (CVV) numbers. Additionally, the dataset contains the home and email addresses that are linked to the compromised cards.
The leaked data, which was first detected by Cyble researchers, is quite extensive and includes information on a minimum of 7,40,858 credit cards, 8,11,676 debit cards, and 293 charge cards.
While many of them were duplicates, there are still 21,41,564 unique payment cards among them, as confirmed by Andrea Draghetti, the Head of Threat Intelligence at D3Lab.
According to Draghetti’s statement to BleepingComputer, the enormous database also contains around 4,97,000 distinct email addresses, originating from over 28,000 different domains. This information could be extremely valuable as a tool for future targeted phishing scams or other fraudulent campaigns.
According to the threat intelligence firm Flashpoint, the carding shop has been operational since February 28, 2022, and has quickly climbed up the ranks to secure the fifth position in the total volume ranking.
Last October, the carding shop made available an additional dump of 1,221,551 credit cards for free. Similarly, as was observed this week, the criminals shared this information through a clearnet domain and multiple hacking and carding forums.
When D3Lab analyzed a random sample of the leaked credit cards at the time, they found that approximately 30% of them were “fresh,” meaning they could be used for committing financial fraud.