As of today, 16 payment cards have already been bought by unknown parties from Joker’s Stash marketplace.
Last year in October, HackRead reported how hackers on an infamous dark web marketplace called Joker’s Stash were selling one of the largest collections of financial records including more than 1.3 million credit and debit cards (worth $130 million) belonging to Indian banking customers.
Now, the same marketplace has a new listing in which hackers are offering yet another trove of financial data and its victims remain the same i.e. unsuspecting banking customers in India.
The IT security researchers at Group-IB have identified a listing in which hackers are offering more than 461,976 payment card records stolen from some of the largest banks in India. Each card is being sold for $9.
According to Group-IB Threat Intelligence team, these records contain credit/debit card numbers, their CVV/CVS codes, and expiration dates. Furthermore, the full names of cardholders, their email addresses along with phone numbers and physical addresses are also part of the data.
The listing labeled “INDIA-BIG-MIX” (full name: [CC] INDIA-BIG-MIX (FRESH SNIFFED CVV) INDIA/EU/WORLD MIX, HIGH VALID 80-85%” was originally uploaded on February 5th, 2020 and HackRead can confirm that it is still up for sale.
Although it is unclear who is behind the listing, Group-IB has already informed the Indian Computer Emergency Response Team (CERT-In). However, it will be crucial how targeted banks will tackle the situation since as of February 6th, 16 card records were already bought by unknown parties.
In a blog post, Dmitry Shestakov, Head of Group-IB сybercrime research unit wrote that,
This is the only big sale of Indian cards’ CC data detected for the past 12 months, since in the previous India case, card dumps — the information contained in the card magnetic stripe — were put up for sale. What distinguishes the new database from its predecessor is the fact that the cards were likely compromised online.”
Group-IB estimates that the underground market value of the database is estimated at more than USD 4.2 million. This, not only indicates that cyber crime has become lucrative but also highlights the fact that the biggest banks and corporations can fall for it anytime.
It is worth mentioning that Joker’s Stash is the same marketplace where last week, stolen Wawa data of roughly 30 million customers was being sold. Nevertheless, for banking customers in India, keep an eye on your transactions and contact your bank before cybercriminals siphon off your money.