After healthcare data and medical images were leaked earlier this week, a database containing debit and credit card details of around 461,976 Indians were found to be sold on dark web marketplace Joker’s Stash, which had previously come into the limelight over a similar incident.
The database was first discovered by Singapore-based cybersecurity company Group-IB. Out of the total number of these cards, 98% were issued by Indian banks, Group-IB said in a statement.
While Group-IB was unable to find the source of the database, the company had alerted Indian Computer Emergency Response Team (CERT-In) after the discovery. According to the company, the breach has exposed details such as credit or debit card numbers along with their expiration dates and CVV/CVC codes. In some cases, cardholders’ full name, emails, phone numbers, and addresses were also exposed in the breach.
Group-IB found that all the cards were sold at $9 for each piece, which takes the total value of the database to stand at $4,157,784. This database was uploaded on February 5 under the name ‘INDIA-BIG-MIX’. Till February 6, 16 cards from this database were sold out, Group-IB added.
Within the span of 12 months, this is the second time when Group-IB has alerted about a breach in which card details of Indians were compromised. In October 2019, around 1.3 Mn debit and credit card details were put up for sale on Joker’s Stash. The database contained details from various issuing banks. Each card detail was being sold for $100.
Shestakov said that this time around along with the credit card dump, personal information was also exposed. According to Group-IB’s ‘Hi-Tech Crime Trends 2019/2020’ report, the size of the carding (card stealing) market rose by 33% during the second half of 2018 to the first half of 2019. The report also estimated that the total value of the market stands at $879.7 Mn till H1-2019.
The sale of credit card data is also on the rise today, having grown by 19% in the corresponding period, the report added.