Pierluigi Paganini
March 04, 2023
An archive containing 2.1 million stolen payment card numbers is available for free to commemorate the anniversary of the dark web carding site BidenCash.
The dump was released on February 28, it was published through the Russian-speaking cybercrime forum XSS. The decision to release free samples aims at attracting new customers and gain notoriety in the cybercrime ecosystem.
Flashpoint researchers who analyzed the collection reported that the text file leaked by BidenCash includes credit card numbers along with cardholder’s personally identifiable information (PII) (name, address) and financial data such as the full card number, expiration date, CVV code, and bank name.
The experts reported that about 70% of the cards have expiration dates in 2023, while 50% of the cards belong to US-based cardholders.
Researchers from threat intelligence firm Cyble who analyzed the leak, reported that it contains at least 740,858 credit cards, 811,676 debit cards, and 293 charge cards. The experts pointed out that the risk is higher for debit card holders than credit card holders, due to different fraud protection.
The following table reports the most records leaked by country are:
| Records | Country |
| 965,846 | UNITED STATES |
| 97,665 | MEXICO |
| 97,003 | CHINA |
| 86,313 | UNITED KINGDOM |
| 36,906 | CANADA |
| 36,672 | INDIA |
| 23,009 | ITALY |
| 22,798 | SOUTH AFRICA |
| 21,361 | AUSTRALIA |
| 19,700 | BRAZIL |
Even if some of the payment cards are expired, threat actors can use the data to carry out multiple attacks against the victims, including spear-phishing attacks and financial scams.
“The presence of email addresses and full information (commonly referred to as “Fullz” by cybercriminals) will make the victims of this leak vulnerable to other attacks, such as phishing, identity theft, and scams, long past the expiration of their card details.” states Cyble.
In October 2022, the operators behind the popular dark web carding market ‘BidenCash’ released a dump of 1,221,551 credit cards to promote their underground payment card shop
Underground carding marketplaces are crucial components of the cybercrime ecosystem, they facilitate the sale and purchase of payment card data. One of the most popular carding site was Joker Stash, its operators retired in February 2021 and shut down their servers and destroyed the backups.
According to Forbes, the administrator has amassed a billion dollars worth of Bitcoin with its activity.
After the retirement, other carding websites such as ‘Ferum Shop’, ‘UAS’, and ‘Trump Dump’ gained popularity in the underground marketplace.
“Since that time, we saw a rise in the emergence of several new debit and credit card shops to fulfill the illicit demand for compromised payment cards.” continues Cyble.
‘BidenCash’ was launched in April 2022 and was considered a low-profile credit card shop. The ability of its operators to periodically release fresh dumps and promotional lots for free increased rapidly increased its popularity.
In June 2022, BidenCash released over 7.9 million payment card data dating from 2019 to 2022 on a cybercrime forum. However, the dump only contained 6,581 records exposing credit card numbers.
Banking institutions should monitor the dark web for the offering of credit/debit cards to prevent fraudulent activities.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, BidenCash)
