advertisement
In what is being called as one of the biggest card dumps that have been found online in recent years, as per a ZDNet report, card details of more than1.3 million payment cardholders have been put online for sale on Joker’s Stash, a website on the dark web.
It has been found that more than 98 percent of the dump belongs to Indian banks while 1 percent belongs to Colombian banks, as revealed by security researchers at Group-IB, which is an organisation that provides security solutions against online fraud.
This is the third major card dump this year, in terms of size.
Joker’s Stash is a term used by security researchers to describe an online marketplace where hackers put card details up for sale and advertise the same as “card dumps”. It’s one of the oldest places where major cyber-crime groups dump card details.
Criminals usually buy the card data to clone them and use the same at ATMs to withdraw money.
Group-IB found that the card details have been put online for as much as $100 per card. This puts the overall estimated earnings of the hackers up to $130 million.
Furthermore, it has been found that the breach has happened across multiple banks as the cards found online varied among several banks.
Because of the advert being very recent, Group-IB has not been able to find whether there has been any kind of breach till now. Data analysis suggests that the card information could have been acquired using skimming devices installed in ATMs and PoS (Point of Sale) terminals.
The report also mentions that the card dump included Track 2 data which is mostly found on payment cards with magnetic stripes. However, the dump name suggests that it holds both Track 1 and Track 2 data.
This rules out the cards used only for online transactions. Since 31 December 2018, India has discontinued the use of cards with only magnetic stripes and switched instead to cards with embedded chips.
Earlier this year in February, card details of almost 2.15 million Americans were put on Joker Stash for sale with the card dump nicknamed ‘DaVinci Breach’.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)