Over 460,000 payment card records were uploaded to one of the most popular darknet cardshops on February 5, of which over 98% were from the biggest Indian banks, according to Group-IB.
The Singapore-based cybersecurity company said the underground market value of the database containing these records, the source of which remains unknown, is estimated at more than US$4.2 million.
Group-IB immediately informed the Indian Computer Emergency Response Team (CERT-In) about the sale of the payment records so that it could take the necessary steps.
The new database, listed under the name “INDIA-BIG-MIX” ([CC] INDIA-BIG-MIX (FRESH SNIFFED CVV) INDIA/EU/WORLD MIX, HIGH VALID 80-85%, uploaded 2020-02-05 (NON-REFUNDABLE BASE)), went on sale on Joker’s Stash, one of the most popular underground cardshops.
According to the Group-IB Threat Intelligence team, the database comprises 461,976 payment records and exposes card numbers, expiration dates, CVV/CVC codes and, in this case, some additional information such as cardholders’ full names, emails, phone numbers and addresses.
All the cards from the database are being sold for $9 apiece, with the total underground market value of the entire batch standing at $4,157,784. As of the morning of February 6, 16 cards had been sold.
“This is the second major leak of cards relating to Indian banks detected by Group-IB Threat Intelligence team in the past several months,” said Dmitry Shestakov, the head of Group-IB cybercrime research unit.
What distinguishes the new database from its predecessor is that the cards were likely compromised online, an assumption that is supported by the set of data offered for sale.
On October 28, 2019, the Group-IB Threat Intelligence team detected a huge database holding more than 1.3 million credit and debit card records, mostly of Indian banks’ customers, uploaded to Joker’s Stash. Group-IB experts estimated the underground market value of the database at more than $130 million. This became the biggest card database encapsulated in a single file ever uploaded to underground markets at once.