
‘BidenCash’ Strikes Again: Over 1.2 Million Compromised Payment Cards Data Leaked

Global Credit and Debit Card Consumers at Risk

Introduction

On October 6, 2022 (EDT), during our routine monitoring exercise, Cyble Research & Intelligence Labs identified that the operators of the underground payment card shop dubbed ‘BidenCash’ had released a dataset of over 1.2 million credit and debit card records on a notorious cybercrime forum that mainly hosts Russian- and English-speaking Threat Actors.

Figure 1: The screenshot uploaded by ‘BidenCash’

Analysis of the Leaked Payment Cards Information

The leaked database includes 1,221,551 credit/debit card records consisting of the credit card number, expiry date, 3-digit card verification value (CVV), cardholder’s name, associated bank name, full address, date of birth, email, and phone number. The leak impacts payment card consumers across the globe, including in the US, Canada, India, Bangladesh, Saudi Arabia, UAE, Indonesia, Malaysia, and Singapore. The database also includes the social security numbers of payment card consumers in the United States.

Our detailed statistical analysis revealed that American Express (US) is impacted the most. The top fifty countries with affected consumers are the United States, India, Brazil, the United Kingdom, Mexico, Turkey, Spain, Italy, Australia, and China.

| BANK NAME | NUMBER OF CARDS LEAKED |
|---|---|
| AMERICAN EXPRESS (U.S.) | 157,829 |
| FISERV SOLUTIONS, LLC | 24,491 |
| U.S. BANK | 20,074 |
| WELLS FARGO BANK | 18,818 |
| FIFTH THIRD BANK | 18,007 |
| ITAU UNIBANCO | 16,130 |
| BANK OF AMERICA | 11,173 |
| FIDELITY INFORMATION SERVICES, INC. | 10,767 |
| JACK HENRY & ASSOCIATES | 10,553 |
| BARCLAYS BANK DELAWARE | 7,669 |
| ITAU UNIBANCO | 7,128 |
| SYNCHRONY BANK | 7,005 |
| JORDAN ISLAMIC BANK CO. | 6,377 |
| METABANK | 6,116 |
| CHASE BANK USA | 5,989 |
| TRAVELLERS CHEQUE | 5,889 |
| CAPITAL ONE BANK (U.K.) | 5,810 |
| CAPITAL ONE | 5,652 |
| JPMORGAN CHASE BANK | 5,411 |
| BANCORP BANK | 4,621 |
| CU COOPERATIVE SYSTEMS | 4,570 |
| REGIONS BANK | 4,524 |
| BANCORP BANK | 4,436 |
| STANDARD CHARTERED BANK ZAMBIA LTD. | 4,265 |
| BANK OF AMERICA | 4,208 |
| ICBA BANCARD | 4,154 |
| BANCO DO BRASIL | 4,111 |
| STANDARD BANK OF SOUTH AFRICA, LTD. | 4,038 |
| SHAZAM, INC. | 4,015 |
| METABANK | 3,790 |
| YORKSHIRE BANK | 3,787 |
| NATIONAL MICROFINANCE BANK PLC | 3,495 |
| CARD SERVICES FOR CREDIT UNIONS, INC. | 3,394 |
| BANCO DEL BIENESTAR S.N.C. INSTITUCION BANCA DE DESARROLLO | 3,159 |
| NETSPEND | 3,071 |
| COMPUTER SERVICES, INC. | 3,069 |
| CENTRAL TRUST BANK | 3,044 |
| FIRSTRAND BANK, LTD | 3,043 |
| COMPASS BANK | 2,995 |
| AMERICAN EXPRESS (UK) – GLOBESTAR | 2,910 |
| CREDIT AGRICOLE | 2,859 |
| PSCU INCORPORATED | 2,843 |
| BANCO SANTANDER (BRASIL) | 2,783 |
| BANCO AZTECA | 2,771 |
| CAIXA ECONOMICA FEDERAL | 2,615 |
| INTERNATIONAL BANK OF COMMERCE | 2,520 |
| CITIBANK | 2,472 |
| NETSPEND ISSUED BY METABANK | 2,462 |
| HSBC MEXICO | 2,401 |
| BANCO BRADESCO CARTOES | 2,396 |

Top 50 impacted banks

A geographical distribution of payment card consumers in most affected countries follows:

| COUNTRIES | NO. OF CARDS LEAKED |
|---|---|
| UNITED STATES | 676,899 |
| INDIA | 158,626 |
| BRAZIL | 60,890 |
| UNITED KINGDOM | 24,233 |
| MEXICO | 21,156 |
| TURKEY | 16,171 |
| SPAIN | 14,993 |
| ITALY | 13,391 |
| AUSTRALIA | 12,671 |
| CHINA | 12,664 |

Top 10 affected countries

Figure 2: Statistics of 1.2 million compromised cards – geographical distribution

| CARD TYPE | NO. OF CARDS LEAKED |
|---|---|
| VISA | 601,446 |
| MASTERCARD | 388,663 |
| AMERICAN EXPRESS | 190,523 |
| RUPAY | 25,303 |
| CHINA UNION PAY | 10,281 |
| ELO/DISCOVER | 1,603 |
| MAESTRO | 1,275 |
| ELO | 1,107 |
| EBT | 294 |
| CIRRUS | 269 |
| DISCOVER | 240 |
| JCB | 162 |
| CABAL | 115 |
| VISA/DANKORT | 91 |
| FUEL CARD | 85 |
| LOCAL BRAND | 38 |
| MAESTRO/BANCONTACT | 18 |
| PRIVATE LABEL | 14 |
| TARJETA NARANJA | 9 |
| NATIVA | 8 |
| NSPK MIR | 1 |

Card types and number of cards leaked

Figure 3: Types of cards compared with number of cards

The emergence of the ‘BidenCash’ Shop

During 2021, the sale and purchase of payment cards and dumps was largely facilitated by shops such as Yale Lodge, Vendetta, and many others. However, our research found that the retirement of the largest payment card shop, ‘Joker Stash’, at the beginning of 2021 and law enforcement action against other shops such as ‘Ferum Shop’, ‘UAS’, and ‘Trump Dump’ created a huge void in the underground marketplace. Since then, we have seen several new debit and credit card shops emerge to fulfil the illicit demand for compromised payment cards.

‘BidenCash’ established its presence in the underground in April 2022 and was known to be a relatively low-profile credit card shop. However, their marketing strategies, including the periodic release of the payment cards data for free, made them one of the most popular underground shops of the time.

In June 2022, BidenCash released data on over 7.9 million payment cards, dating from 2019 to 2022, on a cybercrime forum. However, unlike the current leak, only 6,581 of those 7.9 million records exposed credit card numbers.

Figure 4: Home page of the BidenCash shop

A similar strategy was earlier followed by the payment cards shop ‘All World Cards’ in August 2021, where they leaked a million payment cards to promote their marketplace. To know more, read our blog.

Conclusion

This release of credit and debit card data by the BidenCash shop is one of the largest leaks of its kind on any cybercrime/underground forum in recent times. We have observed many Threat Actors that drive fraudulent transactions and purchases using compromised payment cards. The impacted consumers may face an increased risk of financial fraud due to the leaked information.

Banking organizations and financial institutions are advised to maintain a dynamic monitoring process for payment card transactions to detect and mitigate fraud against consumers.
