Mar 06, 2023 16:00:00

Dark site 'BidenCash' releases 2.16 million credit cards for free at '1st anniversary'

It turned out that

BidenCash , a dark web marketplace where stolen card information is traded, leaked a database of 2,165,700 credit and debit cards for free to commemorate the first anniversary of its establishment. bottom.

Cyble — Over 2 Million Cards Leaked By BidenCash
https://blog.cyble.com/2023/03/01/over-2-million-cards-leaked-by-bidencash/

BidenCash Dumps 2.1 Million Stolen Credit Cards | Flashpoint
https://flashpoint.io/blog/card-shop-threat-landscape-bidencash-dumps-stolen-credit-cards/

BidenCash market leaks over 2 million stolen credit cards for free
https://www.bleepingcomputer.com/news/security/bidencash-market-leaks-over-2-million-stolen-credit-cards-for-free/

BidenCash leaked more than 2 million card information on February 28, 2023, saying, ``To our valued customers, we are very excited to be able to celebrate our first anniversary as an online store.'' I made it clear that The database exposed by BidenCash was spread through a Russian-speaking cybercrime forum called “XSS”.

According to Cyble, a cybersecurity company that first reported this case, the database contains at least 740,858 credit cards, 811,676 debit cards, and 293 charge cards (a type of credit card). It was said that it was. In addition to card information, it contained a large amount of personal information such as names, e-mails, phone numbers and addresses. As such, it has been suggested that these data are very useful for criminals conducting phishing attacks and the like.

The heat map showing the areas with many victims is as follows.

The leaked data included card information stolen from all over the world, including about 960,000 cases in the United States, about 100,000 cases in Mexico and China, and about 90,000 cases in the United Kingdom. rice field.

About 70% of the cards expired in 2023, but some were valid until 2052 at the longest. “Email addresses and full personal information are known to cybercriminals as 'Fullz,' and once exposed, victims are exposed to phishing attacks, impersonation, and fraud even after their cards have expired,” Cyble said. It will be easier to be exposed to attacks, ”he said, recognizing that even if the expiration date has passed, there is a high risk if it is used for crime.

This is not the first time BidenCash has exposed card information on a large scale. BidenCash has released 1,221,551 card information for free in October 2022 and is promoting its site.

“Threat actors routinely commit fraud by purchasing data through marketplaces of stolen card information like BidenCash, but more fraud is committed when data is made available to the public for free,” Cyble said. Banking institutions must monitor the dark web for data leaks and fraud and proactively prevent damage.”