Security researchers from Group-IB, a Singapore-based cybersecurity company, recently discovered a database containing 397,365 payment card records uploaded on a Darknet forum for sale. The researchers stated that the card records were related to South Korean and the U.S. banks, valued up to $2 million on Joker’s Stash, an infamous underground marketplace. It was found that the database mainly contains Track 2 information of the credit and debit cards, including magnetic stripes of the cards, which contain the bank identification number (BIN), the account number, expiration date, and CVV numbers.
While the source of the database remains unknown, Group-IB stated that 49.9% of card details (198,233 items valued at $ 991,165) were from South Korean banks and financial organizations and 49.3% were related to the U.S. banks and financial entities.
Advertisement of Data Dump on Joker’s Stash
“During cardshop monitoring Group-IB Threat Intelligence system has detected a database under the name «SCARFACE-DISCOUNT-SALE-5USD (fresh skimmeD): USA (STATES MIX + few EU) TR1 + TR2/TR2, VALID 30-40%, uploaded 2020-04-09 (NON-REFUNDABLE BASE)» released and put up for sale on April 9. Joker’s Stash — the infamous underground marketplace — put a USD 1,985,835 price tag on the set, at USD 5 apiece, and announced that dump had 30-40% valid rate,” Group-IB said.
Payment Card Details Kept For Sale
Group-IB notified the incident to the national CERTs and financial organizations in South Korea and the U.S. and are working closely with its partners in these countries to investigate on the incident.
Shawn Tay, Senior Threat Intelligence analyst of Group-IB, concluded, “Even though, there is not enough information in this dump to make online purchases, fraudsters who buy this data can still cash out stolen records. If a breach is not detected promptly by the card-issuing authority, crooks usually produce cloned cards (white plastic) and swiftly withdraw money via ATMs or use cloned cards for illicit in-person purchases.”
Joker’s Stash – A Hacker’s Marketplace
There were multiple incidents where hackers traded stolen cards’ data on Joker’s Stash. Recently, threat intelligence firm Gemini Advisory revealed that hackers kept payment card details of Wawa’s customers on Joker’s Stash. In an official statement, Wawa confirmed that hackers tried to sell customers’ card information that breached in the security incident occurred on December 10, 2019. The data belonged to 30 million Americans and over one million foreigners from more than 100 different countries.