Cybersecurity firm Group-IB recently detected a database containing over 460,000 payment card records of Indian banks for sale on the darknet. The database, named “INDIA-BIG-MIX” (full name: “[CC] INDIA-BIG-MIX (FRESH SNIFFED CVV) INDIA/EU/WORLD MIX, HIGH VALID 80-85%, uploaded 2020-02-05 NON-REFUNDABLE BASE”), was kept on “Joker’s Stash”, a dark web marketplace for trading stolen card data.
While the source of the database remains unknown, Group-IB has notified the Indian Computer Emergency Response Team (CERT-In) about the database leak. According to Group-IB, the database contains 461,976 payment records, including card numbers, expiration dates, CVV/CVC codes, cardholders’ full names, email IDs, contact details, phone numbers, and addresses. The underground market value of this card data is estimated at more than US$4.2 million.
Dmitry Shestakov, Head of Group-IB’s cybercrime research unit, said, “In the current case, we are dealing with so-called fullz — they have info on card number, expiration date, CVV/CVC, cardholder name as well as some extra personal info. Such type of data is likely to have been compromised online — with the use of phishing, malware, or JS-sniffers — while in the previous case, we dealt with card dumps (the information contained in the card magnetic stripe), which can be stolen through the compromise of offline POS terminals, for example. We have shared all the information discovered with our colleagues to CERT-In.”
This is the second major leak of payment cards related to Indian banks detected by Group-IB. In October 2019, Group-IB’s threat intelligence team uncovered a database holding over 1.3 million credit and debit card records of Indian banks’ customers uploaded to Joker’s Stash. The underground market value of the database was estimated at more than US$130 million.
Joker’s Stash – A Hacker’s Marketplace
There have been multiple incidents in which hackers traded stolen card data on Joker’s Stash. Recently, threat intelligence firm Gemini Advisory revealed that hackers kept payment card details of Wawa’s customers on Joker’s Stash. In an official statement, Wawa confirmed that hackers tried to sell customers’ card information that was breached in the security incident that occurred on December 10, 2019. The data belonged to 30 million Americans and over one million foreigners from more than 100 different countries.