Credit/Debit card data of half a million Indians up for sale on the Dark Web
It had been only three months, and Joker’s Stash is back in the news. Last November, Group IB of Singapore reported about 1.3 million credit and debit card records available on the Dark Web, and they are back even with another news. They have detected a database containing over 460,000 payment card records. It has been uploaded to one of the most popular Dark Web card shops—Joker’s Stash— on February 5.
Card data of half a million Indians for sale on the Dark Web
The estimated value of the database is SD 4.2 million, which converts to 22.68 crores in Indian money. Group-IB has reported this to the Indian Computer Emergency Response Team (CERT-In), so they can take the necessary steps.
The listing came under INDIA-BIG-MIX, which claimed to contain sniffed CVV with high validity claim of up to 80-85%. It provides card numbers, expiration dates, CVV/CVC codes. Some of the listings also include cardholders’ full name, associated emails, phone numbers, and addresses.
This is the second major leak of cards relating to Indian banks detected by Group-IB Threat Intelligence team in the past several months. In the current case, we are dealing with so-called fullz — they have info on card number, expiration date, CVV/CVC, cardholder name as well as some extra personal info.
Such type of data is likely to have been compromised online — with the use of phishing, malware, or JS-sniffers — while in the previous case, we dealt with card dumps (the information contained in the card magnetic stripe), which can be stolen through the compromise of offline POS terminals, for example. We have shared all the information discovered with our colleagues from CERT-In.
According to Group IB, one of the primary reasons behind the rise of this is the JS-sniffer. They enable operators to steal payment card data from eCommerce websites. Each of these card details is being sold for $9, and unlike last time there are no magnetic stripe details included in this. It is the reason why the chances are high that these data have been stolen online.
We have always asked our readers, and we want to ask them again, that instead of using the real card number, create a Virtual Credit card with a limited spend limit online.