The move served as a gesture of gratitude to its community on its one-year anniversary of operating as an illicit online store. “Dear valued customer, we are thrilled to have reached our first year anniversary as an online store, and we could not have done it without your support!” the advertisement reads. “Thank you for choosing our store and trusting us to provide you with quality products and excellent service.”
Security Researchers Confirm Contents of Leaked Database
Cybersecurity researchers at Cyble confirmed that the files did, in fact, contain over 2,165,700 bank cards. Specifically, it contained 740,858 credit cards, 811,676 debit cards, and 293 charge cards. The largest chunk, 965,846, belongs to United States card owners, with Mexico and China having the next largest number with around 97,000 cards each. Some of the most impacted banks are Chase Bank, Bank of America, Wells Fargo, Capital One, Citibank, and BBVA Bancomer. The database also contained Personally Identifiable Information, including names, emails, phone numbers and home addresses. According to researchers, leaking cards on such a large scale is likely a marketing ploy, similar to one previously observed with All World Cards, another popular dark web marketplace.
Watch out for Potential Scams
While it is unclear if the cards in the database are active, even expired cards can be dangerous in the wrong hands. Cybercriminals can use data such as names, card numbers, CVVs, bank names, etc., to build a profile of potential victims. They can use this information to craft targeted phishing emails, convincing social engineering scams, or even commit identity theft or fraud. Earlier this week, an elaborate scam targeting 3,000 Asian Texans came to light, where an organized crime group stole victims’ card details from the dark web, and consequently used the data to order replacement driver’s licenses from a government portal. Cyble’s researchers added that debit card holders were at a higher risk as they have different fraud protection schemes than credit cards. We recommend that victims watch out for unauthorized or other suspicious transactions. If you’re curious about how much of your information is on the unprotected internet, you could consider using a dark web monitoring service. If you plan on visiting the dark web yourself, make sure you check our list of the best VPNs for accessing the dark web first.