Hackers searching stolen data of credit cards

Hackers searching stolen data of credit cards

On the Dark Web, stolen credit card databases continue to be some of the most valuable commodities for hackers and cybercriminals. And now the biggest credit card database of all time – a whopping 1.3 million cards in total – is now for sale on one of the Dark Web’s most notorious underground marketplaces, known as Joker’s Stash. For cyber thieves looking to get their hands on stolen credit card details, the latest data dump is a treasure trove, filled with all of the information needed to make online banking transactions or create cloned versions of the bank cards. According to Singapore-based cybersecurity firm Group-IB, which discovered the stolen credit card database, this is now the biggest single card database ever for sale on the Dark Web. The market value of this credit card database is $130 million.

Unlike other stolen credit card databases that eventually end up on Joker’s Stash, this credit card database is comprised almost entirely of cards from Indian bank customers. According to Group-IB, 98 percent of the stolen credit card database information is from Indian banks, with another 1 percent from Colombian banks. While Group-IB did not disclose the exact identities of the Indian banks involved in the massive data breach, it did note that nearly one-fifth (18%) of the stolen credit card database information was from a single Indian bank. As Ilya Sachkov, CEO and founder of Group-IB, notes, such a credit card database comprised almost entirely of records from the Indian region is extremely rare.

The stolen credit card dump is also unique in terms of the overall size and scope of the database. Most credit card database dumps, for example, are much smaller in size, and are usually introduced in smaller tranches at a time. In this case, though, the hackers are clearly looking to make as much money as possible, as quickly as possible. The list value of each card in the credit card database is $100. According to the information that the hackers posted on Joker’s Stash, the cards have a validity rate of 90-95 percent. This suggests that the stolen credit card data was acquired very recently (probably within the past 12 months), such that all of the key details needed to use the cards have not changed.

Based on screenshot images posted to Joker’s Stash, it appears that the fraudsters are including both Track 1 and Track 2 card information, which means that the credit card thieves are in possession of the magnetic stripe information of the cards. This information is very valuable for cybercriminals because it includes all of the data (brand, card level, expiration date and CVV code) needed to make transactions online and  if cybercriminals are looking to pull out cash from ATM machines with the cards, then they have all the data needed to make cloned versions of the cards.

      _Hackers posted on Joker’s Stash