Money is in data, and if that data is Credit Card number, its even better. But sadly that’s, not a good thing in the hands of the wrong people. Group-IB, a Singapore-based cybersecurity company, has revealed that they have detected an enormous database holding more than 1.3 million credit and debit card records of mostly Indian banks’ customers was uploaded to Joker’s Stash on October 28. While the data has not been uploaded completely, an estimated value is more than $130 million. That’s almost $100 per credit card details. If you are wondering what Joker’s Stash is, then it’s one of the most notorious underground card shops on the Dark Web.
1.3 million Indian bank users & credit card details leaked
Credit Card data getting stolen is not new in India. We have seen a lot of stories reported where the ATMs are hijacked to steal number and password, and Credit Card being duplicated. Even though most of the consumers have started protecting their cards with OTP and limiting the value, it’s still not safe for international online transactions. The database contains both debit and credit cards, which confirms that a lot of data might have been coming from ATM hacks — Card skimming and PIN theft. The data includes card details from multiple banks, which rules out any doubt of a particular bank is a target.
The database under the name “INDIA-MIX-NEW-01” (full name: “ INDIA-MIX-NEW-01 (fresh skimmeD INDIA base): INDIA MIX TR1+TR2/TR2, HIGH VALID 90-95%, uploaded 2019-10-28 (NON-REFUNDABLE BASE”) has been on sale on one of the most notorious underground card shops, Joker’s Stash, since October 28, 2019. The database contains only credit and debit card dumps Track 2, while its name suggests that it holds both Track 1 and Track 2 records. Track 2 dumps can be used to produce cloned cards for further cashing out.
What are Track 1 and Track 2 records?
On the reverse of any credit card, there is a magnetic stripe. These magstripes have three tracks, which include card data in an encrypted format. They contain enough information that if they are duplicated, they can be used to swipe. The reader needs to have both the data intact for the transaction to work.
Coming back to the new, Ilya Sachkov, CEO and founder at Group-IB, comment that, surprisingly, there was no effort made to promote the deal or create a buzz in the dark web. He also commented that the amount of data uploaded as the sample is more significant compared to what is usually noticed.
Nevertheless, it’s a good idea to keep your card secure all the time and start making a habit of using Virtual Credit card with limited spend limit online.