NEW DELHI: CloudSEK’s contextual AI digital risk platform discovered a threat actor advertising a database of 1.2 million cards for free on a Russian-speaking cybercrime forum called BidenCash. This follows a previous incident in which 7.9 million cardholders’ data was advertised on BidenCash in June 2022. The total number of impacted users across these two data leak incidents was over 9 million.
However, over the past few days, sections of the media claimed the data belongs to customers of SBI. CloudSEK’s report neither made nor alluded to such a claim.
The report covered leaked cardholder data and Personally Identifiable Information (PII) associated with multiple global banks and financial institutions.
Prima facie, it appears that the data has been collated from previous card dumps, insecure third-party websites, or phishing sites and not directly from the institutions, as some records available in this incident were also seen previously.
What Is BidenCash
Last week BidenCash, a dark web carding marketplace, created buzz by leaking 1.2 million credit cards (1,221,551 card details), allowing anybody to download them for free and use them to commit financial crimes. All this was done to advertise the marketplace. This wasn’t the first time this Russian-speaking cybercrime forum dumped credit card details. Earlier, in June this year, data of 7.9 million cardholders was advertised on the BidenCash website. So combined, 9 million records were made accessible by BidenCash to gain publicity.
The findings were part of a report by the threat intelligence team of AI-driven, Singapore-headquartered CloudSEK. Its security researchers said this data was not obtained by hacking any bank or through a loophole in the banks’ security. Instead, these criminals steal or scrape this information using various techniques. Carding refers to the trafficking and usage of credit cards that have been stolen using point-of-sale malware, Magecart attacks on websites, or information-stealing software.
Security researchers say that most of these cards come from web skimmers: malicious scripts injected into the checkout pages of hacked e-commerce sites that steal credit card and customer information.
What Does This Data Dump Include
The latest leaked database has 1,221,551 credit/debit card records, each of which has a credit card number, expiry date, 3-digit card verification value (CVV), card holder’s name, associated bank name, full address, date of birth, email address, and phone number.
This affects payment card users worldwide, including in the US, Canada, India, Bangladesh, Saudi Arabia, UAE, Indonesia, Malaysia, and Singapore. The social security numbers of people who use payment cards in the United States are also in the database. Data from multiple Indian and global banks was found in the dump.
Threat & Mitigation
The leaked Personally Identifiable Information (PII) could help threat actors carry out social engineering attacks, phishing attacks, and even identity theft. With the card information, they could make unauthorized purchases or commit crimes such as card trafficking, card cloning, or unauthenticated transactions.
Consumers can protect themselves from these kinds of data breaches by using virtual cards, which some banks offer and which users can simply cancel, or single-use cards that are automatically erased after a single purchase. Use multi-factor authentication and monitor your account for unusual activity.