• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Taking over millions of developers exploiting an Open VSX Registry flaw

 | 

OneClik APT campaign targets energy sector with stealthy backdoors

 | 

APT42 impersonates cyber professionals to phish Israeli academics and journalists

 | 

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

 | 

Cisco fixed critical ISE flaws allowing Root-level remote code execution

 | 

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

 | 

CitrixBleed 2: The nightmare that echoes the 'CitrixBleed' flaw in Citrix NetScaler devices

 | 

Hackers deploy fake SonicWall VPN App to steal corporate credentials

 | 

Mainline Health Systems data breach impacted over 100,000 individuals

 | 

Disrupting the operations of cryptocurrency mining botnets

 | 

Prometei botnet activity has surged since March 2025

 | 

The U.S. House banned WhatsApp on government devices due to security concerns

 | 

Russia-linked APT28 use Signal chats to target Ukraine official with malware

 | 

China-linked APT Salt Typhoon targets Canadian Telecom companies

 | 

U.S. warns of incoming cyber threats following Iran airstrikes

 | 

McLaren Health Care data breach impacted over 743,000 people

 | 

American steel giant Nucor confirms data breach in May attack

 | 

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

 | 

Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes' Data from Saudi Games

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 50

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber Crime
  • Deep Web
  • 330K stolen payment cards and 895K stolen gift cards sold on dark web

330K stolen payment cards and 895K stolen gift cards sold on dark web

Pierluigi Paganini April 09, 2021

A threat actor has sold almost 900,000 gift cards and over 300,000 payment cards on a cybercrime forum on the dark web.

A crook has sold 895,000 gift cards and over 300,000 payment cards, for a total of US$38 million, on a  top-tier Russian-language hacking forum on the dark web. The criminal actor was spotted offering a huge amount of cards in February 2021. According to the experts from fraud intelligence firm Gemini Advisory, threat actors have obtained the cards by compromising the back-end of the online discount gift card shop Cardpool.com.

“Gemini assesses with moderate confidence that the breach of Cardpool.com was also the source of the stolen gift cards.” reads the post published by Gemini Advisory. “The breach of Cardpool.com provides valuable insight into both how cybercriminals value different types of stolen cards and also shows how cybercriminals use sites like Cardpool.com to monetize cards once they are stolen.”

Gift Cards

The criminal actor claimed that the database contained over 3,000 brand-name gift cards from top companies across various industries, including AirBnB, Amazon, American Airlines, Chipotle, Dunkin Donuts, Marriott, Nike, Subway, Target, and Walmart. The seller set up an auction with a starting price of $10,000 and a buy-now price of $20,000. Experts from Gemini Advisory revealed that gift cards were bought by another actor soon after they were available for sale.

A day later, the same actor offered for sale another collection of 330,000 credit and debit cards on the same forum. The data included victims’ billing address and partial payment card data, including payment card number, expiration date, and bank name, but did not include the CVV or cardholder name. The actor set up an auction with a starting price of $5,000 for the entire DB and issued a buy-now price of $15,000. The payment cards were sold out in a few days.

Experts pointed out that cybercriminals could easily monetize stolen gift cards by purchasing goods and reselling them or, selling the cards to a third-party gift card marketplace like Cardpool. Unlike payment cars, gift cards are subjected to fewer identity verification checks.

“Typically, compromised gift cards sell for 10% of the card value in the dark web; however, the 895,000 cards offered from the breach were priced at roughly 0.05% of the card value. First off, it’s entirely possible that the actor exaggerated the total value of the gift cards to drum up sales, but the main factor dampening their price was the low validity rate, which refers to if the cards are active and can be used for nefarious purposes.” continues the post. “Even though there were nearly one million cards, the price included the assumption that a significant portion would be invalid or have a low balance (possibly because even the actor themself used some of the cards before selling them).”

The investigation of the cybercriminal actor selling the gift cards and payment cards revealed that he is a prolific Russian-speaking hacker who was engaged in similar activities since 2010. The actor has offered in the past large lots of stolen payment card data, compromised databases, and the personally identifiable information (PII) of United States residents.

While unnamed, the hacker behind the breach is a known entity that has been active since 2010 and has been observed to offer payment card data, compromised databases, and the personally identifiable data of US residents.

“the subsequent sale of the cards in the dark web provides insight into how cybercriminals value different types of cards and the specific sorts of data that fetch a higher price on criminal forums and marketplaces. Thirdly, the site was also a tool that cybercriminals leveraged to monetize stolen cards, regardless of whether they compromised the cards themselves or purchased them on dark web marketplaces.” concludes the post.” conclude the experts. “This third insight, in particular, casts light on the important fact that for most cybercriminals, the trick is not in acquiring stolen cards but in devising the most efficient way to cash out the funds on the cards before financial institutions can flag them as compromised.”

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, dark web)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

Cybercrime Deep Web gift cards Hacking hacking news information security news IT Information Security malware payment cards Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini June 27, 2025
Taking over millions of developers exploiting an Open VSX Registry flaw
Read more
Pierluigi Paganini June 27, 2025
OneClik APT campaign targets energy sector with stealthy backdoors
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Taking over millions of developers exploiting an Open VSX Registry flaw

    Hacking / June 27, 2025

    OneClik APT campaign targets energy sector with stealthy backdoors

    Hacking / June 27, 2025

    APT42 impersonates cyber professionals to phish Israeli academics and journalists

    APT / June 27, 2025

    Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

    Cyber Crime / June 26, 2025

    Cisco fixed critical ISE flaws allowing Root-level remote code execution

    Security / June 26, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT