As security researchers have dubbed it as one of the most prominent cards dumps in history, 1.3 million Indian Payment cards are put up for sale on the Dark Web.
1.3 million Indian Payment cards leaked!
Group-IB, a security firm based in Singapore, found the dump on a site called Joker’s Stash, the internet’s largest carding shop.
The data upload contains files from Indian cardholders, which were skimmed from ATM devices and POS terminals.
The reason for suspecting this method is because the card dump includes Track 2 data, usually found on a payment card’s magnetic stripe. The presence of this kind of data automatically rules out skimmers installed on websites (Magecart attacks), where Track 1 and Track 2 is never used.
The hack of one bank has been ruled out as the dump has a variety of bank cards are present in the dumps. The data dump has Track 2 details, which can be used to clone cards and can be possibly be used to withdraw money from ATMs.
The researchers found the dump on October 28. Group-IB says some cards are being sold at $100, with a total value of the database estimated at over $130 million.
The dump is present on Joker stash has More than 98% belong to Indian banks, 1% – to Colombian, and more than 18% of the 550K cards that have been analyzed so far belong to a single Indian bank.
A similar thing had happened in February, around 2.15 million American cards were put up for sale on Joker’s Stash. The card dump was named “DaVinci Breach.”
As of now, the investigations are being held by banks to set up countermeasures to deal with the fallout.