Home Features From Data Leak to Dark Web: What Happens to Your Stolen Credit...

From Data Leak to Dark Web: What Happens to Your Stolen Credit Card Data?

Cybercriminals obtain credit card or payment information mostly in two ways: after a data breach or via the e-skimming technique. Threat actors then advertise their illicitly acquired data on various dark web markets for sale.

From Data Breach to Darknet

There might be various cybercriminal activities operating online, but stealing users’ sensitive information and peddling it on darknet markets is the primary activity for most threat actors. Cybercriminals focus more on pilfering financial data like credit and debit card details, bank account numbers, and login credentials. A recent survey revealed that the rate of cyberattacks in the financial industry increased exponentially. Nearly, 65% of major financial services organizations have suffered a cyberattack in the last 12 months.

This article explains how attackers obtain financial data, what happens to stolen data, and how do criminals sell stolen credit card details on the dark web.

By Rudra Srinivas, Feature Writer, CISO MAG

 How do Attackers Obtain Financial Data?

Usually, threat actors obtain credit card or payment information in two ways: after a data breach and/or via the e-skimming technique. Scammers pilfer sensitive data by exploiting a vulnerability/unsecured database containing valuable data. For instance, consider the Capital One data breach. Attackers exploited a specific configuration vulnerability in its digital infrastructure and allegedly accessed the data of over 100 million individuals in the U.S. and approximately six million in Canada.

In an e-skimming attack, also known as Web-skimming or Magecart attack, adversaries inject malicious JavaScript code into website payment processing pages to steal payment card details from customers. The malicious code then collects the payment info from users while making purchases on the infected site. Recently, Magecart operators compromised over 2,000 Magento online stores and stole tens of thousands of customers’ personal information. They injected malicious code on the website checkout pages to exfiltrate payment information.

What Happens to the Stolen Data?

Ever wondered where your stolen financial data is moved? Well, it is mostly misused by attackers for their criminal activities or it ends up on the dark web for sale. Cybercriminals often use the stolen financial data to make fraudulent purchases online or to compromise other accounts via credential stuffing attacks. Most scammers obtain credit card numbers and other financial data from various darknet forums.

An investigation from security research firm Cyble disclosed that threat actors kept details of 80,000 credit cards on the darknet forum for sale in exchange for cryptocurrency. It was found that the stolen credit card details include both Visa and MasterCard users from various countries, including 33,000 credit card details from the U.S.; 14,000 from France; 5,000 from the U.K.; 2,000 from Canada; 1,200 from Singapore; and 1,300 from India. The exposed information included cardholder name, CVV code, billing details, and expiration date, which were selling at $5 per card, paid in cryptocurrency.

How do Criminals Sell Stolen Credit Card Details on the Dark Web?

Cybercriminals trade their illicitly acquired data on various dark web/hacking forums by advertising or leaking a sample of the data to lure other malicious actors in the community. Recently, adversaries illicitly obtained over three million customers’ credit card information after compromising Dickey’s BBQ Pit Point-of-Sale (POS) systems in 156 restaurant locations. Attackers posted the stolen data for sale on Joker’s Stash, a dark web marketplace that exclusively trades stolen card data. The hackers’ group advertised a massive collection of payment card details for sale, dubbed “BLAZINGSUN,” at $17 per card.

Dark Web – The Hackers’ Paradise

From gamers’ cheat codes to users’ login credentials, everything is traded on darknet markets.  Several new cybersecurity scams and malicious activities originate from these underground forums. Threat actors discuss and share knowledge on new hacking techniques and tools. Some senior threat groups even provide tutorials and share their attacking procedures to the budding hackers.

What’s the Worth of Your Stolen Data?

The stolen information is usually sold in exchange for Bitcoins. In some cases, cybercriminals leak the data they obtain on the dark web for free to threaten the victims in case they don’t receive the demanded ransom.

According to a recent investigation from Privacy Affairs, stolen users’ personal information like credit card details, online banking credentials, and social media logins are put up for sale on several darknet forums at low prices. Forged documents including passports, driving licenses, and auto-insurance cards are also available on these platforms. While online banking credentials cost an average of $35 on the dark web, credit card details including associated data are available for $12 to $20, respectively. Forged or counterfeit documents can be obtained for $1,500.

About the Author


Rudra Srinivas is a Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.