Global Credit and Debit Card Consumers at Risk
On October 6, 2022 (EDT), during our routine monitoring exercise, Cyble Research & Intelligence Labs identified that the operators of the underground payment card shop dubbed ‘BidenCash’ had released a dataset containing the information of over 1.2 million credit and debit cards on a notorious cybercrime forum that mainly hosts Russian- and English-speaking Threat Actors.
Analysis of the Leaked Payment Cards Information
The leaked database includes 1,221,551 credit/debit card records, each consisting of credit card number, expiry date, 3-digit card verification value (CVV), card holder’s name, associated bank name, full address, date of birth, email, and phone number. The leak impacts payment card consumers across the globe, including the US, Canada, India, Bangladesh, Saudi Arabia, UAE, Indonesia, Malaysia, and Singapore. The database also includes the social security numbers of payment card consumers in the United States.
Our detailed statistical analysis revealed that American Express (US) is impacted the most. The top fifty countries with affected consumers are the United States, India, Brazil, the United Kingdom, Mexico, Turkey, Spain, Italy, Australia, and China.
| BANK NAME | NUMBER OF CARDS LEAKED |
|---|---|
| AMERICAN EXPRESS (U.S.) | 157,829 |
| FISERV SOLUTIONS, LLC | 24,491 |
| WELLS FARGO BANK | 18,818 |
| FIFTH THIRD BANK | 18,007 |
| BANK OF AMERICA | 11,173 |
| FIDELITY INFORMATION SERVICES, INC. | 10,767 |
| JACK HENRY & ASSOCIATES | 10,553 |
| BARCLAYS BANK DELAWARE | 7,669 |
| JORDAN ISLAMIC BANK CO. | 6,377 |
| CHASE BANK USA | 5,989 |
| CAPITAL ONE BANK (U.K.) | 5,810 |
| JPMORGAN CHASE BANK | 5,411 |
| CU COOPERATIVE SYSTEMS | 4,570 |
| STANDARD CHARTERED BANK ZAMBIA LTD. | 4,265 |
| BANK OF AMERICA | 4,208 |
| BANCO DO BRASIL | 4,111 |
| STANDARD BANK OF SOUTH AFRICA, LTD. | 4,038 |
| NATIONAL MICROFINANCE BANK PLC | 3,495 |
| CARD SERVICES FOR CREDIT UNIONS, INC. | 3,394 |
| BANCO DEL BIENESTAR S.N.C. INSTITUCION BANCA DE DESARROLLO | 3,159 |
| COMPUTER SERVICES, INC. | 3,069 |
| CENTRAL TRUST BANK | 3,044 |
| FIRSTRAND BANK, LTD | 3,043 |
| AMERICAN EXPRESS (UK) – GLOBESTAR | 2,910 |
| BANCO SANTANDER (BRASIL) | 2,783 |
| CAIXA ECONOMICA FEDERAL | 2,615 |
| INTERNATIONAL BANK OF COMMERCE | 2,520 |
| NETSPEND ISSUED BY METABANK | 2,462 |
| BANCO BRADESCO CARTOES | 2,396 |
A geographical distribution of payment card consumers in most affected countries follows:
| COUNTRIES | NO. OF CARDS LEAKED |
|---|---|

| CARD TYPE | NO. OF CARDS LEAKED |
|---|---|
| CHINA UNION PAY | 10,281 |
The emergence of the ‘BidenCash’ Shop
During 2021, the sale and purchase of payment cards and dump shops were largely facilitated by several shops such as Yale Lodge, Vendetta, and many others. However, our research found that the retirement of the largest payment card shop, ‘Joker Stash’, at the beginning of 2021 and law enforcement action against other shops such as ‘Ferum Shop’, ‘UAS’, and ‘Trump Dump’ created a huge void in the underground marketplace. Since then, we have seen several new debit and credit card shops emerge to fulfil the illicit demand for compromised payment cards.
‘BidenCash’ established its presence in the underground in April 2022 and was known to be a relatively low-profile credit card shop. However, its marketing strategies, including the periodic release of payment card data for free, made it one of the most popular underground shops of the time.
In June 2022, BidenCash released data on over 7.9 million payment cards, dating from 2019 to 2022, on a cybercrime forum. However, of those 7.9 million records, only 6,581 exposed credit card numbers, unlike the current leak.
A similar strategy was earlier followed by the payment cards shop ‘All World Cards’ in August 2021, where they leaked a million payment cards to promote their marketplace. To know more, read our blog.
The release of credit and debit card data by the BidenCash shop is one of the largest leaks of its kind on any cybercrime/underground forum in recent times. We have observed many Threat Actors that drive fraudulent transactions and purchases using compromised payment cards. The impacted consumers may face an increased risk of financial fraud due to the leaked information.
Banking organizations and financial institutions are advised to maintain a dynamic monitoring process for payment card transactions to detect and mitigate fraud against consumers.