Pierluigi Paganini February 21, 2025

Experts warn that the carding website B1ack’s Stash released a collection of over 1 million unique credit and debit cards.

D3 Lab researchers reported that on February 19, 2025, the carding website B1ack’s Stash released a collection of over 1 million unique credit and debit cards. Experts speculate that B1ack’s Stash used the free card release as a marketing strategy. The decision to release free samples aims at attracting new customers and gain notoriety in the cybercrime ecosystem.

The marketplace administrator announced the data leak on a popular cybercrime forum, claiming the release of a lot composed of 4 million free credit cards.

D3 Lab pointed out that hundreds of thousands of cards were issued by European financial institutions. Cards are sorted by type, country, and bank, the threat actors are also offering card dumps.

“The post promised the release of 4 million free credit cards, with the actual upload of 6 archives containing 1,018,014 unique cards. Among these, 192,174 were issued by European financial institutions.” reads the analysis published by D3 Lab.

The leaked data includes PAN (Primary Account Number), expiration date, CVV2, cardholder’s personal details, email address, IP address, and User-Agent.

The researchers speculate the data was obtained through e-skimming.

“Web Skimming remains one of the most prevalent threats to e-commerce platforms and credit card holders.” concludes the report.

In February 2023, the dark web carding site BidenCash leaked for free a collection of approximately 2 million stolen payment card numbers.

Underground carding marketplaces are crucial components of the cybercrime ecosystem, they facilitate the sale and purchase of payment card data. One of the most popular carding site was Joker Stash, its operators retired in February 2021 and shut down their servers and destroyed the backups.

According to Forbes, the administrator has amassed a billion dollars worth of Bitcoin with its activity.

After the retirement, other carding websites such as ‘Ferum Shop’, ‘UAS’, and ‘Trump Dump’ gained popularity in the underground marketplace.

‘BidenCash’ was launched in April 2022 and was considered a low-profile credit card shop. The ability of its operators to periodically release fresh dumps and promotional lots for free increased rapidly increased its popularity.

In June 2022, BidenCash released over 7.9 million payment card data dating from 2019 to 2022 on a cybercrime forum. However, the dump only contained 6,581 records exposing credit card numbers.

Banking institutions should monitor the dark web for the offering of credit/debit cards to prevent fraudulent activities.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, carding)