[BreachExchange] Over 4.5L card records from India uploaded on Darknet

Destry Winant destry at riskbasedsecurity.com
Mon Feb 10 10:10:17 EST 2020


https://tech.economictimes.indiatimes.com/news/internet/details-of-450000-payment-card-details-of-indian-banks-leaked/74013671

A database containing more than 450,000 payment card details of Indian
banks has been uploaded on to the darknet, Singapore-based
cybersecurity company Group-IB has revealed.

The entire database has 461,976 payment card records, of which 98%
belong to large Indian banks, the firm said, and was uploaded on to
card shop website Joker's Stash, used by cybercriminals to buy and
sell card data on the darknet.

The darknet is a network of secret websites that exist on an encrypted
network, hidden from the internet as we see it.

The website holds large datasets of cards and claims that it hosts the
most current payment card details accessed through breaches, rather
than through hosting recycled data.

Group-IB did not reveal the names of the Indian banks.

The database contains card numbers, expiry dates, CVV/CVC codes, full
names of cardholders, email ids, phone numbers and addresses.

According to Group-IB estimates, the underground market value of the
database is more than $4.2 million at $9 apiece.

As of February 6, 16 cards have been sold. The source of the database,
however, remains unknown, Group-IB said.

The firm has informed the Indian Computer Emergency Response Team
(CERT-In), the country’s nodal cyber security agency, about the sale
of the payment records.

CERT-In did not reply to ET’s queries until press time on Friday.

“Such type of data is likely to have been compromised online — with
the use of phishing, malware...we have shared all the information
discovered with our colleagues from CERT-In,” said Dmitry Shestakov,
Head of Group-IB's cybercrime research unit.

This is the second major incident related to upload of payment records
of Indian cardholders that Group-IB has reported in the last six
months.

The new database is different because these cards were likely
compromised online, it said.

In the first case reported in October, card dumps (the information
contained in the card’s magnetic stripe) could have been stolen
through compromised offline point of sale terminals, it said.

