BidenCash, a new entrant in the underground carding business, has announced a 1-year anniversary promotion in which it is offering the data of 2 million credit cards for free.
This leaked dataset comprises credit card information sourced from various regions globally, with a considerable proportion of the cards issued in the following locations:-
- The United States
- The UK
It has come to light that the compromised data includes over 500,000 email addresses, each of which is linked to its corresponding credit card number and even the CVV code.
To make matters worse, all this sensitive information was in plain text, making it easy for unauthorized access and potential misuse.
Types of Data Involved
There are a number of cardholder details that have been leaked, including:-
- Full names
- Card numbers
- Bank details
- Expiration dates
- Card verification value (CVV) numbers
- Home addresses
It is a common practice for cybercriminals to trade stolen information via the dark web. However, in the case of BidenCash, the situation is unique as the individual responsible for managing the carding site has opted to release a massive amount of sensitive data into the public domain, which could have severe repercussions.
According to the report, It’s important to highlight that the screenshot mentioned above displays a whopping 260 MB of data that has been exposed. Furthermore, this leaked information has found its way onto a renowned Russian-language hacker forum, which could lead to further illicit activities.
It has come to light that malicious individuals, commonly referred to as threat actors, resort to procuring payment cards that have passed their expiry date to acquire additional details regarding potential targets.
The compromised data in question comprised a minimum of:-
- 740,858 credit cards
- 811,676 debit cards
- 293 charge cards
Debit cardholders face a comparatively greater degree of risk than credit cardholders because of varying fraud protection policies.
Records Leaked by Country
As a result of the data leaks, the following countries have the most records:-
- UNITED STATES: 965,846
- MEXICO: 97,665
- CHINA: 97,003
- UNITED KINGDOM: 86,313
- CANADA: 36,906
- INDIA: 36,672
- ITALY: 23,009
- SOUTH AFRICA: 22,798
- AUSTRALIA: 21,361
- BRAZIL: 19,700
Most Impacted Banks
Below is a list of the top ten most impacted banks in order of impact:-
- CHASE BANK USA, N.A.: 118,826
- BANK OF AMERICA, N.A.: 98,631
- WELLS FARGO BANK, N.A.: 62,650
- CAPITAL ONE BANK (USA), NATIONAL ASSOCIATION: 50,832
- CITIBANK N.A.: 47,851
- BANK OF AMERICA, NATIONAL ASSOCIATION: 35,249
- BBVA BANCOMER, S.A.: 28,296
- CAPITAL ONE BANK (USA), N.A.: 27,192
- Others: 1,696,173
The exposure of email addresses and complete personal information in the compromised data makes the affected individuals susceptible to a host of additional cyberattacks, such as:-
- Identity theft
Despite the expiration of their card details, the risks associated with these cards can persist for a considerable period of time.
As observed in the case of BidenCash, cybercriminals often engage in fraudulent activities by making use of illegally obtained credit cards, which they procure from online carding marketplaces. This is a common practice among malicious actors seeking to make a quick profit through illegal means.
Network Security Checklist – Download Free E-Book