In an extremely sinister marketing stunt, a dark web carding marketplace called BidenCash has published the details of more than 1.2 million credit cards online.
According to a BleepingComputer report (opens in new tab), the database includes card numbers, expiration dates, CVV numbers, cardholder names, bank names, card types, physical addresses, email addresses, social security numbers and phone numbers.
Not only is this selection of data more than enough to commit financial fraud, it could also be used for identity theft (opens in new tab) as well. What’s more, many of the cards won’t expire before 2023, and some will even remain valid until 2026, the report states.
Victims worldwide
While the database contains details on cards from all over the world, most of them belong to US citizens, it was said. Other countries include Greenland, Iran, India, Bolivia, and Venezuela.
The total number of exposed cards is 1,221,551. These details are usually obtained through point-of-sale malware, magecart attacks, or other infostealers.
Even though it sounds farfetched, this seems to be nothing more than a publicity stunt. According to BleepingComputer, BidenCash recently suffered a devastating distributed denial of service (DDoS) attack, forcing it set up under new URLs.
To make sure it reaches as many cybercriminals as possible, BidenCash distributed the data dump via a clearnet domain, as well as via other hacking and carding forums.
The database of details was released last Friday and has since been confirmed as authentic by multiple sources, including BleepingComputer and D3Lab. The latter believes roughly a third (30%) are current, meaning at least 350,000 cards could still be valid.