Jump to content
  • BidenCash market leaks over 2 million stolen credit cards for free

    alf9872000

    • 451 views
    • 3 minutes
     Share


    • 451 views
    • 3 minutes

    A carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary.

     

    Rather than keeping it under wraps, the threat actors advertised this massive leak on an underground cybercrime forum for more extensive reach and to attract as much attention as possible.

     

    According to Cyble researchers who first spotted it, the leaked information is extensive, with details on "at least 740,858 credit cards, 811,676 debit cards, and 293 charge cards."

     

    Out of these, tens of thousands were duplicates, but there are still 2,141,564 unique ones, according to D3Lab's Head of Threat Intelligence, Andrea Draghetti.

     

    The dataset contains personally identifiable information such as names, emails, phone numbers, home addresses, and payment card details, including card expiration dates and CVV codes, with the cards' expiration dates going as far out as 2052.

     

    BidenCash_carding_shop_free_leak_2023.jp

    BidenCash free credit card leak (Cyble)

     

    Draghetti told BleepingComputer that the massive database also includes roughly 497,000 unique email addresses, totaling more than 28,000 unique email domains, which could prove priceless as ammunition in future targeted phishing scams and other fraud campaigns.

     

    "We are thrilled to have reached our first year anniversary as an online store, and we couldn't have done it without your support! Thank you for choosing our store and for trusting us to provide you with quality products and excellent service," BidenCash's announcement read.

     

    "We are proud to have you as a customer, and we look forward to continuing to serve you in the coming years. Your loyalty and trust are what motivate us to keep improving and growing our business."

     

    While the researchers couldn't tell BleepingComputer how much of the information leaked online for free by BidenCash is valid, the risk of it being used by fraudsters and cybercriminals can't be underestimated.

     

    "The presence of email addresses and full information (commonly referred to as "Fullz" by cybercriminals) will make the victims of this leak vulnerable to other attacks, such as phishing, identity theft, and scams, long past the expiration of their card details," Cyble said.

     

    Records Country
    965846 UNITED STATES
    97665 MEXICO
    97003 CHINA
    86313 UNITED KINGDOM
    36906 CANADA
    36672 INDIA
    23009 ITALY
    22798 SOUTH AFRICA
    21361 AUSTRALIA
    19700 BRAZIL

    Most records leaked by country (Cyble)

     

    The carding shop has been active since February 28, 2022, reaching the fifth spot by total volume in a ranking created by threat intel firm Flashpoint.

     

    This is also not the first time BidenCash has used free credit card leaks for promotion, seeing that such "marketing" tactics have always been a part of the carding marketplace world.

     

    In October, the carding shop released another free dump of 1,221,551 credit cards, and, just as it happened this week, the crooks distributed it via a clearnet domain and various other hacking and carding forums.

     

    Roughly 30% out of a random sampling of the leaked credit cards that were analyzed D3Lab at the time turned out to be "fresh" (usable for financial fraud).

     

    Another carding marketplace, All World Cards, similarly promoted itself in August 2021 when it leaked 1,000,000 credit cards for free on various hacking forums.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...