The credentials of over 1 million credit card holders have leaked online as part of a marketing ploy by a dark web site. A report from BleepingComputer shows that the BidenCash carding marketplace published a database showing credentials from 1.2 million+ credit cards, which are now available online.
Included in the dump are card numbers, account holder names, banks, card types, email addresses, physical addresses, phone numbers, social security numbers, expiration dates, and CVV numbers. Yes, just about everything someone would need to purchase items online using the card.
As well as the obvious risk of financial fraud, the data provides enough for a threat actor to steal the identity of those involved. Many of the cards are active with expiration dates between 2023 and 2026.
The database went live last Friday and is still active. Of the 1.2 million cards, around 30% are estimated to still be active, so over 350,000 cards are at risk.
This seems to be a worldwide risk, with cards from dozens of countries on the list. However, the countries most affected by the dump are the United States, followed by India, Iran, Greenland, Bolivia, and Venezuela.
In total, 1,221,551 cards were breached in the database. In a strange twist, the dump was all for marketing, with BidenCash pushing itself to cybercriminal with the sort of information they would flock to.
As BleepingComputer reports, the dark web carding site was recently hit by a major distributed denial of service (DDoS) attack. That meant the site needed to create new URLs and reach out to users again.
There is nothing quite like dumping the financial and personal details of millions of people to get attention from the threat community.
Tip of the day: Though many VPN providers have their own apps, you can in many cases connect to a VPN in Windows without any third-party software. This is ideal if you have a self-hosted VPN or if you’re using a PC with restricted permissions. In our tutorial, we’re showing you how to connect to a VPN in Windows.