Major Data Breach Exposes Card Details of Half a Million Indians

A cybersecurity company on Friday revealed that a database of over 460,000 payment card records has been posted on one of the most popular darknet card shops on 5 February.

The worrying bit about the report shared by a Singapore-based firm called Group-IB is that over 98 percent of records detected belonged to some of the biggest Indian banks. And it also mentions the market value of this database on the dark web is estimated at more than $4.2 million. The source of this batch currently remains unknown.

This is the second major incident to have been reported in less than six months involving data of Indian debit or credit card users. Interestingly, in both the incidents, the common pattern has been the same darknet card shop called the Joker’s Stash.

Sharing the details of the breach with The Quint, Group-IB pointed out that,” upon the discovery of this database, Group-IB immediately informed the Indian Computer Emergency Response Team (CERT-In) about the sale of the payment records, so they could take necessary steps.”

So what kind of data has been revealed?

The report shares more concerning details about the breach, telling how much is the data being sold at, and if any of them have been sold yet. “All the cards from the database are being sold for $9 (Rs 630 approx) for a piece, with the total underground market value of all the batch standing at $4,157,784. As of morning on 6 February, 16 cards were sold out.”

Group-IB has also confirmed the new data includes physical cards that come without the magnetic stripe, which was recognised as the source of the breach last year. “What distinguishes the new database from its predecessor is the fact that the cards were likely compromised online, this assumption is supported by the set of data offered for sale.”