In the recent report unveils that, around 5 Lakh Indian Payment Cards Data is available for sale on DarkWeb.
What Payment Cards Details Expose?
- Compromised 461,976 payment records
- Card Holder Name
- Card Number
- Expiration Date
- CVV code
Group-IB, a Singapore based Cyber Security company, unveils that over 98 percent database on sale.
The company has reported to the Computer Emergency Response Team (CERT) of INDIA. Over 4,60,00 payment cards details uploaded on 5th February.
The total value of database approx 4.2 Million USD. It’s still unknown how this breach had happened.
According to Group-IB Threat Intelligence team, the database, comprising 461,976 payment records, in particular, exposed card numbers, expiration dates, CVV/CVC codes and, in this case, some additional information such as cardholders’ full name, as well as their emails, phone numbers and addresses.
According to Dmitry Shestakov, Head of Group-IB сybercrime research unit.
“This is the second major leak of cards relating to Indian banks detected by Group-IB Threat Intelligence team in the past several months. In the current case, we are dealing with so-called fullz — they have info on card number, expiration date, CVV/CVC, cardholder name as well as some extra personal info.”
“Such type of data is likely to have been compromised online with the use of phishing, malware, or JS-sniffers. While in the previous case, we dealt with card dumps (the information contained in the card magnetic stripe), which can be stolen through the compromise of offline POS terminals, for example. We have shared all the information discovered with our colleagues from CERT-In.”
Earlier, the Payment Card Data Leaked On October
On October 28, 2019, Group-IB Threat Intelligence team have detected a huge database holding more than 1.3 million credit and debit card records of mostly Indian banks’ customers uploaded to Joker’s Stash (a dark web). Group-IB experts determined that the underground market value of the database was estimated at more than $130 million. This became the biggest card database encapsulated in a single file ever uploaded on underground markets at once.
According to Group-IB, “This threat can hardly be underestimated: the APAC region has recently seen its first arrest of JS-sniffers’ operators, who stole payment card data with the help of GetBilling JS-sniffer family. The arrest came as a result of a joint operation of INTERPOL, Group-IB and Indonesian police.”
Last month in January 2020, Wawa, a American Company got Hacked and its 30 Million Customers Credit Cards Data Sale On DarkWeb.