Hackers published a million stolen credit cards for free in a campaign dubbed a “promotion of unprecedented generosity” to inaugurate a new criminal marketplace, the Italian cybersecurity firm D3Labs said.
The promotion of the new criminal dark web carding site AllWorld[.]cards began in early June. The underground carding site has been in operation since May 2021, according to cybersecurity firm Cyble.
Hackers promote their dark web carding site with free stolen credit cards
D3Labs suggested that the hackers published the data to attract cybercriminals to the new platform and purchase additional stolen information.
“The curators of All World Cards began advertising their services on sites dedicated to carding in early June, as visible in the screenshots below, and it is conceivable that the data was shared for free to entice other criminal actors to frequent their website by purchasing additional stolen data to unsuspecting victims,” D3Labs’ auto-translated statement read.
The platform already has over 2.5 million stolen credit cards selling between $0.30 and $14.40. Over 1.1 million credit cards were stolen from victims in the United States.
Half of the stolen credit cards published on the dark web are still active
The cards were stolen between 2018 and 2019, making it difficult to determine how many were still active. However, the threat actor said that 27% were still active. Contrarily, cybersecurity researchers at Cyble found that only 20% of the stolen credit cards published on the dark web were active, while D3Labs suggested that 50% had not been compromised.
The stolen credit cards exposed credit card information like credit card numbers, expiration dates, CVV numbers, and personal information like names, phone numbers, email addresses, countries, states, cities, addresses, and zip codes.
Nearly half (49%) of the stolen credit cards published on the dark web were issued by Visa, while almost another half (48%) was issued by MasterCard, Rupay (2%), Amex (~1%), and Discover (~1%).
Over three-quarters (76%) of cards published on the dark web hacking forums were debit cards, while the rest were credit cards. Nearly all (98.09%) leaked stolen credit cards had a valid Bank Identification Number (BIN) associated with the issuer.
Most victims were from the State Bank of India, Banco Santander, Sutton Bank, JP Morgan Chase, BBVA Bancomer S.A., and the Commonwealth Bank of Australia, according to Cyble.
India had the highest number of victims (20%) whose credit card information was leaked on the dark web, followed by Mexico (9%), the United States (9%), Australia (8%), Brazil (7%), South Africa (7%), United Kingdom (4%), and others.
Impact to credit and debit cardholders
“Carding is a serious and very dangerous issue that can greatly impact consumers,” Uriel Maimon, senior director of emerging technologies at PerimeterX. “In carding attacks, cybercriminals use bots to test lists of recently stolen credit card and debit card details on merchant sites.
“The carders then use the proven credit card details to directly retrieve funds from associated accounts or to purchase gift cards which can easily be converted into high-value goods, such as cell phones, televisions, and computers. These goods are then resold – often via eCommerce sites offering a degree of anonymity – for a profit.”
The affected banks’ customers should monitor their card records, check their bank statements carefully for unknown transactions, and contact their bank if they discover any suspicious activity. They could also use credit reporting services like Experian, Equifax, and TransUnion.
“As these cards were stolen between 2018-2019, it stands to reason that most are no longer valid, especially if they’re publicly dumped and multiple actors will jump on them at the same time,” Maimon adds. “That means that attackers MUST validate them before attempting to use them.
“The payment amount of these validation attempts causes a lot of damage, even before you consider the damage done by those used to purchase goods. With increased fraud, merchants must pay higher fees and at some percentage point they’re no longer allowed to handle credit card transactions.”