Nearly 1.3 million debit and credit card data of Indian banking customers are reportedly available for open sale on the Dark Web. According to ZDNet, the info is available on Joker’s Stash – one of the oldest card shops on the dark web and a known hub for hackers to sell card dumps. As per the report, the aggregate data can fetch up to a whopping $130 million (around Rs. 900 crore) for cybercriminals.
Believed to have been first discovered by researchers from cyber-security firm, Group-IB, the listing is being advertised on Joker’s Stash under the name “INDIA-MIX-NEW-01”. The debit and credit cards belong to multiple Indian banks and are being sold for $100 (around Rs. 7,000) each, in what security researchers have dubbed one of the biggest card dumps in recent years.
“Early data analysis suggests the card details may have been obtained via skimming devices, installed either on ATMs or point of sale (PoS) systems”, said the report. The card dump includes “Track 2 data, usually found on a payment card’s magnetic stripe. The presence of this kind of data automatically rules out skimmers installed on websites (Magecart attacks), where Track 1 and Track 2 is never used”.
Criminals who buy card dumps from Joker’s Stash typically use the data to clone legitimate cards and withdraw money from ATMs in so-called “cash outs”. In February 2019, card details for 2.15 million Americans were put up for sale on Joker’s Stash, while in August, nearly 5.3 million card details obtained from gas and convenience chain Hy-Vee customers were also dumped on the notorious website.
Over the past five years, Joker’s Stash has become one of the premier underground credit card shops through significant releases of stolen credit cards from data breaches at companies like Target, Walmart, Saks Fifth Avenue, Lord & Taylor, and British Airways. It is estimated that the site lists 5.3 million credit card numbers related to this breach.
With Inputs from IANS