Skip to main content

Over 1M credit cards just leaked to criminals on the dark web

Over 1.2 million credit cards have been distributed via the dark web through a recently launched underground marketplace.

As reported by Bleeping Computer, in an effort to attract cybercriminals to its platform, the hackers behind ‘BidenCash’ have distributed the details of 1,221,551 credit cards.

A depiction of a hacker breaking into a system via the use of code.
Getty Images

The illegal carding market, which can be accessed through the dark web, went live during June, 2022. Initially, this specific marketplace started out by leaking thousands of credit cards.

However, in order for its services to gain more traction, BidenCash decided to release details for more than 1.2 million cards in one go.

Stealing credit card information and selling it can prove to be lucrative for the individuals behind it, with such sensitive data usually being sold in batches. After all, cybercriminals can use the cards to buy items, extract the cash from the account, or just continue to charge the card itself until the bank realizes that the transactions are fraudulent.

So what’s the motive behind BidenCash’s free giveaway? The answer lies behind distributed denial of service (DDoS) attacks that targeted its original domains. As a result, in order for word to get out in regard to fresh URLs for the service, the hackers are distributing the data free of charge.

In addition to a clearnet domain, they also shared the new URLs through various hacking and carding forums.

As for the credit cards, the file itself features cards with an expiry date from 2023 to 2026. Although there were some that belonged to non-U.S. residents, the majority of the cards belonged to people in America.

Alongside the obvious sensitive data pertaining to the cards, the dump includes personal information as well, including email addresses, phone numbers, and the address of the card holder.

Security analysts state that most of the 1.2 million cards derive from web skimmers — scripts found within checkout pages of compromised e-commerce sites, which sees any credit card information entered being sent directly to the threat actors.

As previously mentioned, credit card fraud is a massive market for criminals. According to data from Merchant Savvy, global payments fraud has increased from $9.84 billion in 2011 to a staggering $32.39 billion in 2020.

As ever, always be careful when entering your account details online, and of course, get in touch with your bank if you do see any suspicions transactions.

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more