The Threat Intelligence team at the AI-driven CloudSEK, headquartered in Singapore, discovered a threat actor advertising a database of 1.2 million cards for free on a Russian-speaking Dark Web cybercrime forum.
This followed another incident where 7.9 million cardholder details were advertised on the
Contrary to previous records, this time the hackers released sensitive personally identifiable information (PII), such as SSN, card details and CVV, the team revealed.
“State Bank of India, Fiserv Solutions LLC and American Express were some of the major banking institutions affected. Approximately 508,000 debit cards were breached with 414,000 records of
Most of the personal emails related to the card details were made public. Other official email records were found related to SoftBank, Bank of Singapore and
“Marketplaces like BidenCash often pop up where the threat actors trade sensitive card data for card and clone services. While the modern security mechanisms can minimize the impact, threat actors regularly check to deploy new methods to circumvent them,” he said.
Leaked PII could allow threat actors to orchestrate social engineering schemes, phishing attacks and even identity theft.
“Exposed card data could be used by them to carry out attacks such as card smuggling, card cloning and unauthenticated transactions to facilitate illegal purchases,” researchers said.
The motivation behind these data breaches was to get more visitors to their website and build a reputation.
The BidenCash Forum became active in early February 2022. Post that the threat actor resorted to various ways to get traffic to his website, such as spamming comments on websites.
“On a personal level, trying to track your card transactions and being aware of malicious sites that lure many can help to a greater extent. As the BidenCash group tries to gain popularity through various measures, leaking card data is motivating other groups to follow the same steps,” Desai noted.
One-year-old fitness startup by IIT graduates raises $3.4M in BYJU’s seed funding consolidates Indian operations, 5% workforce is ‘rationalised’ into teams