Dark web carding site BidenCash gives 1.2M payment cards for free

BidenCash, a popular dark web carding site, released a dump of more than 1.2 million credit cards to promote its service.

Operators behind the popular dark web carding market ‘BidenCash’ have released a dump of 1,221,551 credit cards to promote their underground payment card shop. Multiple security firms, noticed the promotional activity, but the news was first reported by threat intelligence firm Cyble and the Italian firm D3Lab.

It is a great gift to fraudsters that can download for free the dump and use it for fraudulent activities.

The announcement of the availability of the dataset consisting of over 1.2 million credit and debit cards information on a notorious cybercrime forum mainly hosting Russian and English-speaking Threat Actors.

Bidencash

The leaked data includes 1,221,551 credit and debit card records containing credit card number, expiry date, 3-digit card verification value (CVV), card holder’s name, associated bank name, full address, date of birth, email, and phone number. The database also includes the social security numbers for cardholders in the United States.

According to threat intelligence Cyble, the payment card data belong to cardholders across the globe including US, Canada, India, Bangladesh, Saudi Arabia, UAE, Indonesia, Malaysia, and Singapore.

“Our detailed statistical analysis revealed that American Express (US) is impacted the most. The top ten countries with affected consumers are the United States, India, Brazil, the United Kingdom, Mexico, Turkey, Spain, Italy, Australia, and China.” reads the analysis published by Cyble.

BANK NAME            NO. OF CARDS LEAKED
AMERICAN EXPRESS, US 150,663
FISERV SOLUTIONS, LLC 24,491
WELLS FARGO BANK 18,818
THE FIFTH-THIRD BANK 18,007
ITAU UNIBANCO 16,130
U.S. BANK 13,268
BANK OF AMERICA 11,173
FIDELITY INFORMATION SERVICES, INC 10,767
JACK HENRY & ASSOCIATES 10,553
BARCLAYS BANK, US 7,669
COUNTRIES NO. OF CARDS LEAKED
UNITED STATES 676,899
INDIA 158,626
BRAZIL 60,890
UNITED KINGDOM 24,233
MEXICO 21,156
TURKEY 16,171
SPAIN 14,993
ITALY 13,391
AUSTRALIA 12,671
CHINA 12,664

Underground carding marketplaces are crucial components of the cybercrime ecosystem, they facilitate the sale and purchase of payment card data. One of the most popular carding site was Joker Stash, its operators retired in February 2021 and shut down their servers and destroyed the backups.

According to Forbes, the administrator has amassed a billion dollars worth of Bitcoin with its activity.

After the retirement, other carding websites such as ‘Ferum Shop’, ‘UAS’, and ‘Trump Dump’ gained popularity in the underground marketplace.

“Since that time, we saw a rise in the emergence of several new debit and credit card shops to fulfill the illicit demand for compromised payment cards.” continues Cyble.

‘BidenCash’ was launched in April 2022 and was considered a low-profile credit card shop. The ability of its operators to periodically release fresh dumps and promotional lots for free increased rapidly increased its popularity.

In June 2022, BidenCash released over 7.9 million payment card data dating from 2019 to 2022 on a cybercrime forum. However, the dump only contained 6,581 records exposing credit card numbers.

Stolen payment card data are usually obtained through web skimming attacks.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, BidenCash)

The post Dark web carding site BidenCash gives 1.2M payment cards for free appeared first on Security Affairs.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source