A card market known as BidenCash has leaked a free database of 2,165,700 debit and credit cards online to celebrate its first anniversary.
Rather than keep it secret, threat actors announced this massive leak on an underground cybercrime forum for wider reach and to get as much attention as possible.
According to Cyble researchers who spotted for the first time In this case, the leaked information is extensive, with details of “at least 740,858 credit cards, 811,676 debit cards and 293 payment cards”.
Of these, tens of thousands were duplicates, but there are still 2,141,564 unique ones, according to D3Lab’s threat intelligence manager, Andrea Draghetti.
The dataset contains personally identifiable information such as names, emails, phone numbers, home addresses and payment card details, including card expiration dates and CVV codes, card expiration dates up to 2052.
Draghetti told BleepingComputer that the massive database also includes around 497,000 unique email addresses, totaling more than 28,000 unique email domains, which could prove invaluable as ammunition in future targeted phishing scams and other campaigns. of fraud.
“We are thrilled to have reached our one year anniversary as an online store, and we couldn’t have done it without your support! Thank you for choosing our store and for trusting us to provide you with quality products. quality and great service,” BidenCash said. ad read.
“We are proud to count you among our customers and look forward to continuing to serve you in the years to come. Your loyalty and trust motivates us to continue to improve and grow our business.”
While researchers could not tell BleepingComputer how much of the information BidenCash leaks online for free is valid, the risk of it being used by fraudsters and cybercriminals cannot be underestimated.
“The presence of full email addresses and information (commonly referred to as “Fullz” by cybercriminals) will make victims of this leak vulnerable to other attacks, such as phishing, identity theft, and scams. , long after their card details expired,” Cyble said.
Carding has been active since February 28, 2022, reaching fifth place by total volume in a ranking created by threat intel cabinet Flashpoint.
This is also not the first time that BidenCash has used leaked free credit cards for promotional purposes, given that such “marketing” tactics have always been part of the card market world.
In October, the carding posted another free dump of 1,221,551 credit cardsand, as happened this week, the scammers distributed it through a clearnet domain and various other hacking and carding forums.
About 30% of a random sample of leaked credit cards analyzed by D3Lab at the time were found to be “fresh” (usable for financial fraud).
Another carding market, All World Cards, also promoted itself in August 2021 when it leaked 1,000,000 credit cards for free on various hacking forums.