Cybersecurity researchers at the Singapore-based firm Group-IB have identified a data dump containing information about a whopping 1.3 million+ credit and debit cards. The data almost entirely (98%) belongs to Indian banking customers, while the rest belongs to banks in Colombia.
The data is up for sale on a website on the Dark Web after being uploaded by the JokerStash hacking syndicate, also known as Fin7. It is worth noting that in August last year, the group’s three main hackers were arrested by the FBI.
Researchers claim that the website where the database has been uploaded is selling data worth $130 million, since each card record is offered at a flat rate of $100. The database is marketed under the label “INDIA-MIX-NEW-01”, and the card records are categorized under the headings Track 1 and Track 2, which means the records include the cards’ magnetic stripe information.
The magnetic stripe on a credit or debit card contains the name of the cardholder, card number and its expiry date, and most probably the CVV and addresses. It may also include information that the bank uses to prevent card fraud. It must be noted that Joker’s Stash specialized in selling/trading payment card details.
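For defenders, Track 1 and Track 2 records are what data-loss scanners look for in point-of-sale logs and memory dumps, since merchants are not supposed to retain them after authorization. The Python sketch below is an added example, not code from Group-IB or the original article; the field layouts follow ISO/IEC 7813, and the function names and sample log lines are constructed for illustration.

```python
import re

# Track 1 (format code B): %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
TRACK1 = re.compile(r"%B(\d{12,19})\^([^^]{2,26})\^(\d{4})(\d{3})([^?]*)\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK2 = re.compile(r";(\d{12,19})=(\d{4})(\d{3})(\d*)\?")

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: rejects digit runs that only look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan: str) -> str:
    """Keep first six and last four digits so alerts never carry a full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_track_data(text: str) -> list:
    """Return masked findings for every Luhn-valid track record in text."""
    findings = []
    for kind, rx in (("track1", TRACK1), ("track2", TRACK2)):
        for m in rx.finditer(text):
            pan = m.group(1)
            if not luhn_ok(pan):
                continue        # likely an order id or other numeric noise
            expiry = m.group(3) if kind == "track1" else m.group(2)
            findings.append({"kind": kind, "pan_masked": mask(pan),
                             "expiry_yymm": expiry, "offset": m.start()})
    return findings

# Constructed sample log lines; 4111111111111111 is a public test number.
SAMPLE_LOG = (
    "12:00:01 pos-07 DEBUG swipe=%B4111111111111111^DOE/JANE^25121010000000000000?\n"
    "12:00:01 pos-07 DEBUG swipe2=;4111111111111111=25121010000000000?\n"
    "12:00:05 pos-07 INFO ref=;1234567890123456=99991230?\n"  # fails Luhn
)

if __name__ == "__main__":
    for f in find_track_data(SAMPLE_LOG):
        print(f)
```
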
Group-IB CEO Ilya Sachkov stated in a blog post that this is the largest and most valuable stolen credit and debit card database that has been put up for sale so far, considering that data dumps on the Dark Web belonging to Indian banks are very rare. Furthermore, in the past 12 months, this is the only big dump of stolen credit and debit cards from Indian banks.
“It is true that big payment data leaks have happened before; however, the databases are usually uploaded in several smaller parts at different times,” said Ilya Sachkov, CEO and founder of Group-IB, Singapore.
“This is indeed the biggest card database encapsulated in a single file ever uploaded on underground markets at once. What is also interesting about this particular case is that the database that went on sale hadn’t been promoted prior either in the news, on card shop or even on forums on the dark web,” Ilya added.
Ilya further said that “the cards from this region are very rare in underground markets, in the past 12 months, it is the only big sale of card dumps related to Indian banks. Group-IB’s Threat Intelligence customers have already been notified about the sale of this database. The information was also shared with proper authorities.”
Sachkov also speculated that the card records can be used to create cloned cards for extracting cash.
The source of the data, which was identified on October 28, is still unclear, as are the names of the banks that were compromised, but it is confirmed that 18% of the records are from a single Indian bank. According to Group-IB researchers, the data was most likely stolen from ATMs or hacked point-of-sale systems.
Further investigation revealed that the database listings are up to 95% valid; the information was independently verified by researchers, who concluded that the database contains authentic information. Group-IB has already notified authorities and its Threat Intelligence customers regarding the sale of stolen card data from Indian banks.
This, however, is not the first time Joker’s Stash has uploaded a massive database on the dark web. In April last year, the group stole the payment card database of Saks and Lord & Taylor’s customers and sold it on the dark web.