“The world’s most valuable resource is no longer oil, but data,” according to The Economist. The cybercriminal community is well aware of this fact, which is why every now and then we read about troves of financial and personal data being sold on the dark web or a random hacker forum.
In the latest case, while taking a break from coronavirus-related scams, cybercriminals have been caught selling 400,000 payment detail (credit and debit card) records. These records were identified by Group-IB, a cybersecurity company.
According to the company, the database is being sold on the Joker’s Stash marketplace, which happens to be one of the largest carding marketplaces on the internet.
Totaling 397,365, the records are from various financial organizations and can be broken down geographically as follows:
- 198,233 records are from South Korea: Approximately 49.9%
- 199,132 records are from the US: Approximately 49.3%
All of these are being sold for a price of $1,985,835, which translates to $5 per record. However, as is usual with such stolen data, not all of the records will work, and the hackers themselves have claimed only a 30-40% validity rate.
The advertisement found for the database makes no mention of South Korea, which is strange considering that such accounts make up the majority of the records.
This matters because US-based records are what we usually find underground, whereas South Korean records are a new development, with the researchers commenting,
“How it is the biggest sale of South Korean records on the dark web in 2020, which contributes to the growing popularity of APAC-issued card dumps in the underground.”
A snapshot of the records obtained shows that they can be classified as track 2 information, which contains the bank identification number, the account number, the expiration date, and in some cases the card verification value (CVV).
Moreover, although where this data originated remains a mystery, it is likely to have come from infected POS systems, skimmed ATMs, or even infected payment merchant systems.
It is worth noting that Joker’s Stash is the same marketplace where millions of stolen Wawa credit card records, the largest database of Indian payment card records, and most recently half a million payment card records stolen from some of the largest banks in India were sold.
As for the latest listing, an intelligence analyst at Group-IB has stated,
“Even though there is not enough information in this dump to make online purchases, fraudsters who buy this data can still cash out stolen records.”
Furthermore, it should be noted that attackers can use the data obtained to create cloned cards for withdrawing cash or making fraudulent purchases.
In conclusion, the incident has been reported to the appropriate authorities, and action is already being taken. A good measure for users to employ would be to enable two-factor authentication for all online transactions using their credit/debit cards.
Nevertheless, if you are from one of these countries and believe that you may have been compromised, contacting your bank and obtaining its advice now is highly recommended. You can also change your card PIN or ask the bank to issue a new card. All of these would help keep your money safe.