Cyber criminals recently uploaded over 460,000 debit and credit card records on a popular Dark Web marketplace in October and November and were selling such records for between $1 and $3 apiece, said researchers at security firm Group-IB.
The firm noted that a vast majority of these debit and credit card records were stolen or fraudulently obtained from the largest Turkish banks and were uploaded to Joker’s Stash, one of the most popular underground card shops.
On 28th October, hackers uploaded two separate databases to Joker’s Stash, namely TURKEY-MIX-01 and TURKEY-MIX-02 that contained 30,000 and 60,000 debit and credit card records respectively. The hackers claimed that up to 85 to 90% of debit and credit cards whose details were stored in the database were active.
On 27th November, the hackers uploaded two more databases, namely TURKEY-MIX-03 and TURKEY-MIX-04, that contained 190,000 and 205,000 debit and credit card records respectively and up to 90% of cards were valid at the time of uploading. These payment card records were being sold on Joker’s Stash for just $1 apiece.
According to researchers at Group-IB, the total value of debit and credit card records stored in the four databases was more than $0.5 million and belonged solely to Turkish citizens.
“A breakdown of the data indicated that all the cards could have likely been compromised online either due to phishing, malware or increased activity of Java-Script sniffers,” said Dmitry Shestakov, the head of Group-IB сybercrime research unit.
“All the compromised credit and debit cards records in this database were identified as raw cards data also known as „CCs“ or „fullz“ and contained the following information: card number, expiration date, CVV/CVC, cardholder name as well as some additional info such as email, name and phone number, which, unlike card dumps (the information contained in the magnetic stripe), cannot be obtained through the compromise of offline POS terminals.
“Upon identification of this information, Group-IB team has immediately alerted relevant Turkish local authorities about the sale of the payment records, so the former could take appropriate measures and mitigate the risks. The source of this data compromise remains unknown,” he added.
Hackers also uploaded payment card records stolen from 22 Pakistani banks to Joker’s Stash
This isn’t the first time that hackers have put up large amounts of data on Dark Web platforms after stealing them from large corporations, banks, or government organisations. In November last year, hackers stole more than 19,000 debit card records from as many as twenty-two Pakistani banks and put these records up for sale on Joker’s Stash and other Dark Web platforms.
According to Pakistan’s Geo News, on October 26th last year, hackers infiltrated Bank Islami’s servers and transferred up to $2.6 million from the accounts of international payment card holders. The hackers also stole debit card details of over 8,000 account holders of nine other Pakistani banks an put them up for sale for prices ranging from $100 to $135 each.
FIA officials told Geo News that debit card details being auctioned on Dark Web marketplaces were skimmed from banks’ servers by hackers and such data were being advertised by hackers as “skimmed data”. PakCERT CEO Misbahuddin Ahmed told Geo News that while banks were not digitally compromised, criminals behind the operation cloned international debit cards and then cashed out such accounts from ATMs located in several countries.