Close-up of stolen credit cards showing dark web marketplace

1.2 Million Stolen Credit Cards Handed Out for Free by Dark Web Marketplace

A dark web marketplace calling itself “BidenCash” is attempting to establish itself by giving away 1.2 million stolen credit cards, some with added sensitive information (such as Social Security numbers) attached.

The fledgling dark web marketplace began heavily marketing itself in June and had previously offered a dump of stolen credit cards as an introductory promotional tactic, though that involved only several thousand numbers. Security analysts have found that the majority come from the United States and that about 30% of the collection are numbers that have not been seen before, but also that quite a few have been blocked by banks and that only a small fraction of the dump may actually remain usable at this point.

Dark web marketplace promotion hands out free cards, but many numbers recycled and already blocked

The dark web marketplace, which specializes in stolen credit cards, dumped some 1,221,551 for public viewing as a way to promote itself. However, security analysts that have looked over the dump believe that a lot of it comes from a similar stunt that was pulled last year: another dark web marketplace called AllWorld Cards released about a million cards that were stolen between 2018 and 2019 in August 2021.

Researchers think that the bulk of the BidenCash release consists of recycled numbers from that and other prior data breaches that were already floating around the internet. But this release does have a subset of more fresh stolen credit cards, or about 30% (350,000) that have not been seen before. Most of the cards have expiration dates ranging from 2023 to 2026, and about 70% are “fulls” that contain all the info needed to make online purchases (such as the CVV number on the back of the card). An unspecified number of cards have additional personal information attached, such as email addresses and phone numbers, and some amount even have US Social Security numbers included.

No specific source for all of this new information has been identified, but the dark web marketplace is known to traffic in information stolen from malware that infects point-of-sale systems at retail locations or virtual shopping cart systems at e-commerce sites. One post claims that the stolen credit cards were gathered from “web skimmers,” or scripts injected into the checkout pages of hacked sites that siphon off the entered payment information as the transaction goes through. The majority of the cards come from the US, with a smattering from about a dozen other countries in Europe, Asia, Africa and South America. Over half the cards (53%) are American Express, and the vast majority of these come from the US.

The dark web marketplace did not provide a specific reason for their apparent generosity, but the promotional move may be tied to the fact that its former domains were recently taken out by a distributed denial of service (DDoS) attack. The group is likely trying to quickly direct attention to its new store domains. The stolen credit cards were made available not only through one of its own domains, but via posts on assorted carding and hacking forums.

A subset of stolen credit cards from Italy was more closely examined by security firm D3Labs, who found that about half had already been identified and blocked by the issuing banks. Extrapolating from that sample and the number of recycled cards in the collection, D3Labs believes that as little as 10% of the card numbers are still working at this time.

Stolen credit cards continue to be big business for cyber criminals

To give some example of the size of the online market for stolen credit cards, dark web marketplaces generally have an inventory of several million card numbers at any given time. These tend to range in price from about 30 cents to $15 USD. As can be seen on the BidenCash site, they often have a separate section for higher-priced “hot” cards (ranging from $5 and up per number) that have been very recently verified to be working. Stolen credit cards are generally tested with a series of several purchases of no more than a few dollars each, in the hopes the card holder will not notice the suspicious transactions until it is too late.

A #darkweb marketplace calling itself ‘BidenCash’ is attempting to establish itself by giving away 1.2 million stolen credit cards, but #security researchers believe most are already invalid. #respectdataClick to Tweet

Not all of the carding sites are of this size, but BidenCash was able to grow to an inventory of over two million stolen cards (and the ability to give away another million+) in just a few months. This is another area of cyber crime that saw a major surge in activity due to the Covid-19 pandemic and associated lockdown measures; it jumped from $28 billion in 2019 to $32 billion in global activity in 2020, more than tripling from the just under $10 billion recorded in 2011. The US is the most heavily targeted country by far, representing about a third of the total traffic in stolen credit cards, but there is a growing interest in high population countries with developing economies such as India and Brazil.