Cybercriminals often monitor users’ financial activities to steal information that can be used to open fake accounts. They also trade sensitive financial data such as credit/debit cards numbers, CVV, and other bank details on darknet forums. Recently, Cybersecurity researchers from Group-IB detected a post in which threat actors exposed compromised card details on various darknet forums, including crdclub and xss. Advertised as AW_cards, the post connects to a file containing over one million records of stolen credit and debit card details belonging to over 1,000 banks across 100 countries, including India, the U.S., Mexico, Australia, and Brazil.
Financial Data Exposed
According to Group-IB, the leaked database contained a password-protected zip archive text file comprising one million records of data such as card numbers, expiration dates, CVV/CVC codes, name of the cardholder, Country, State, City, address, Zip code, email IDs, and phone numbers. The database contained 810 expired cards, and 27,112 cards are set to expire in August 2021.
Multiple Cards Data Impacted
According to the research findings, over 200,000 (22%) compromised cards were belonged to the Indian banks, followed by Mexico (9%), the U.S. (9%), and Australia (8%). Nearly 77% of the cards in the database were debit cards, and 23% were credit cards. Cards from multiple payment system services were exposed in the incident, including Visa (48%), Mastercard (47%), RuPay (4%), and American Express (1%).
Advertising New Carding Forum
Researchers claimed that the attackers were trying to advertise their newly established carding forum All World Cards, which provides services like trading stolen card details, identity theft, and currency counterfeiting.
“The alleged owners of the card shop had launched a massive promo campaign in the underground to advertise their new platform, which, in addition to a huge database giveaway, included a writing contest for other cybercriminals with a cash prize of USD 15,000. This post analyzes the latest one million stolen bank card record database as well as the short history of the All World Cards card shop and the activity of its alleged owners who are most likely not the newbies of the carding business,” Group-IB researchers said.