Recently we have covered a lot of news about hacking and cracking, but this is something different from all of that news. Here we have found that more than 4.5 lakh’s Indian Credit and Debit cards users data is for sale on Dark Web.
Fresh Indian Debit, Credit card Records on sale in the Dark Web
A fresh database of 461,976 payment card records is on sale on Joker’s Stash, a popular card shop in the dark web. A cybersecurity company Group-IB is specialising in preventing cyber-attacks which disclosed the database. They say, more than 98% of the database is on sale, and the cards were issued by Indian Banks.
As of now, the source is unknown. All the records of the card were uploaded on February 5. According to Group-IB, the total estimated value of the database is USD 4.2 million. Till now, 16 cards details were sold. Whoever buy these cards have the intention of committing payment card fraud.
However, the company has already alerted India’s Computer Emergency Response Team (CERT-In). If the CERT-In takes some steps, we will know from the updates.
In India, there is a sharp rise in digital payments and lack of a similar rise in awareness of the practices to use Payment cards safely. India has become an attractive place for bad elements online.
According to Group-IB, this latest crime has, “exposed card numbers, expiration dates, CVV/CVC codes and, some additional information like cardholders’ full name, as well as their emails, phone numbers and addresses.”
This is the second database of Indian Payment Card details which Group-IB has detected from October. At that time, 1.3 million credit and debit card records were uploaded to Joker’s Stash, and most of them were Indian banks’ customers. The cards which were uploaded were of the estimated underground market value of USD 130 million.
Dmitry Shestakov, a head of Group-IB cybercrime says, “In the current case, we are dealing with so-called fullz — they have info on card number, expiration date, CVV/CVC, cardholder name as well as some extra personal info.”
They also say, not like earlier breaches what “defines the new database from its ancestor is the fact that the cards were compromised online.
Dmitry Shestakov adds and says,
“such type of data is likely to have been compromised online — with the use of phishing, malware, or JS-sniffers — while in the previous case, we dealt with card dumps (the information contained in the card magnetic stripe), which can be stolen through the compromise of offline POS terminals, for example.