Global Credit and Debit Card Consumers at Risk
Introduction
On October 6, 2022 (EDT), Cyble Research & Intelligence Labs, during our routine monitoring exercise identified that the operators of the underground payment card shop dubbed ‘BidenCash’ released a dataset consisting of over 1.2 million credit and debit cards information on a notorious cybercrime forum mainly hosting Russian and English-speaking Threat Actors.
Analysis of the Leaked Payment Cards Information
The leaked database includes 1,221,551 credit/debit card records consisting of – credit card number, expiry date, 3-digit card verification value (CVV), card holder’s name, associated bank name, full address, date of birth, email, and phone number– impacting payment card consumers across the globe including US, Canada, India, Bangladesh, Saudi Arabia, UAE, Indonesia, Malaysia, and Singapore. The database also includes the social security number information of payment card consumers in the United States.
Our detailed statistical analysis revealed that American Express (US) is impacted the most. The top fifty countries with affected consumers are the United States, India, Brazil, the United Kingdom, Mexico, Turkey, Spain, Italy, Australia, and China.
| BANK NAME | NUMBER OF CARDS LEAKED |
| AMERICAN EXPRESS (U.S.) | 157,829 |
| FISERV SOLUTIONS, LLC | 24,491 |
| U.S. BANK | 20,074 |
| WELLS FARGO BANK | 18,818 |
| FIFTH THIRD BANK | 18,007 |
| ITAU UNIBANCO | 16,130 |
| BANK OF AMERICA | 11,173 |
| FIDELITY INFORMATION SERVICES, INC. | 10,767 |
| JACK HENRY & ASSOCIATES | 10,553 |
| BARCLAYS BANK DELAWARE | 7,669 |
| ITAU UNIBANCO | 7,128 |
| SYNCHRONY BANK | 7,005 |
| JORDAN ISLAMIC BANK CO. | 6,377 |
| METABANK | 6,116 |
| CHASE BANK USA | 5,989 |
| TRAVELLERS CHEQUE | 5,889 |
| CAPITAL ONE BANK (U.K.) | 5,810 |
| CAPITAL ONE | 5,652 |
| JPMORGAN CHASE BANK | 5,411 |
| BANCORP BANK | 4,621 |
| CU COOPERATIVE SYSTEMS | 4,570 |
| REGIONS BANK | 4,524 |
| BANCORP BANK | 4,436 |
| STANDARD CHARTERED BANK ZAMBIA LTD. | 4,265 |
| BANK OF AMERICA | 4,208 |
| ICBA BANCARD | 4,154 |
| BANCO DO BRASIL | 4,111 |
| STANDARD BANK OF SOUTH AFRICA, LTD. | 4,038 |
| SHAZAM, INC. | 4,015 |
| METABANK | 3,790 |
| YORKSHIRE BANK | 3,787 |
| NATIONAL MICROFINANCE BANK PLC | 3,495 |
| CARD SERVICES FOR CREDIT UNIONS, INC. | 3,394 |
| BANCO DEL BIENESTAR S.N.C. INSTITUCION BANCA DE DESARROLLO | 3,159 |
| NETSPEND | 3,071 |
| COMPUTER SERVICES, INC. | 3,069 |
| CENTRAL TRUST BANK | 3,044 |
| FIRSTRAND BANK, LTD | 3,043 |
| COMPASS BANK | 2,995 |
| AMERICAN EXPRESS (UK) – GLOBESTAR | 2,910 |
| CREDIT AGRICOLE | 2,859 |
| PSCU INCORPORATED | 2,843 |
| BANCO SANTANDER (BRASIL) | 2,783 |
| BANCO AZTECA | 2,771 |
| CAIXA ECONOMICA FEDERAL | 2,615 |
| INTERNATIONAL BANK OF COMMERCE | 2,520 |
| CITIBANK | 2,472 |
| NETSPEND ISSUED BY METABANK | 2,462 |
| HSBC MEXICO | 2,401 |
| BANCO BRADESCO CARTOES | 2,396 |
A geographical distribution of payment card consumers in most affected countries follows:
| COUNTRIES | NO. OF CARDS LEAKED |
| UNITED STATES | 676,899 |
| INDIA | 158,626 |
| BRAZIL | 60,890 |
| UNITED KINGDOM | 24,233 |
| MEXICO | 21,156 |
| TURKEY | 16,171 |
| SPAIN | 14,993 |
| ITALY | 13,391 |
| AUSTRALIA | 12,671 |
| CHINA | 12,664 |
| CARD TYPE | NO. OF CARDS LEAKED |
| VISA | 601,446 |
| MASTERCARD | 388,663 |
| AMERICAN EXPRESS | 190,523 |
| RUPAY | 25,303 |
| CHINA UNION PAY | 10,281 |
| ELO/DISCOVER | 1,603 |
| MAESTRO | 1,275 |
| ELO | 1,107 |
| EBT | 294 |
| CIRRUS | 269 |
| DISCOVER | 240 |
| JCB | 162 |
| CABAL | 115 |
| VISA/DANKORT | 91 |
| FUEL CARD | 85 |
| LOCAL BRAND | 38 |
| MAESTRO/BANCONTACT | 18 |
| PRIVATE LABEL | 14 |
| TARJETA NARANJA | 9 |
| NATIVA | 8 |
| NSPK MIR | 1 |
The emergence of the ‘BidenCash’ Shop
During 2021, the sale and purchase of payment cards and dump shops were largely facilitated by several shops such as Yale Lodge, Vendetta, and many others. However, our research found that the retirement of the largest payment cards shop ‘Joker Stash’ during the beginning of 2021 and law enforcement action on the other shops such as ‘Ferum Shop’, ‘UAS’, and ‘Trump Dump’, created a huge void in the underground marketplace. Since that time, we saw a rise in the emergence of several new debit and credit card shops to fulfil the illicit demand for compromised payment cards.
‘BidenCash’ established its presence in the underground in April 2022 and was known to be a relatively low-profile credit card shop. However, their marketing strategies, including the periodic release of the payment cards data for free, made them one of the most popular underground shops of the time.
In June 2022, BidenCash released over 7.9 million payment cards data dating from 2019 to 2022 on a cybercrime forum. However, out of those 7.9 million, only 6,581 records exposed credit card numbers in the database instead of the current leak.
A similar strategy was earlier followed by the payment cards shop ‘All World Cards’ in August 2021, where they leaked a million payment cards to promote their marketplace. To know more, read our blog.
Conclusion
The subject release of the credit and debit cards data by BidenCash shop is one of the largest leaks of its kind on any of the cybercrime/underground forums in recent times. We have observed many Threat Actors that drive fraudulent transactions and purchases using compromised payment cards. The impacted consumers may face an increased risk of financial fraud due to the leaked information.
The banking organization and financial institutions are advised to maintain a dynamic monitoring process for payment card transactions to detect and mitigate fraud against consumers.
