BidenCash is a popular carding site, a platform for the exchange and sale of payment card data acquired illegally through phishing and through malicious code (web skimmers) implanted in compromised e-commerce sites.
How the Dark Web offering has changed over the past year
by Pierluigi Paganini
The news of the day is that the operators behind the popular carding site BidenCash have released an archive containing data for more than one million payment cards, 1,221,551 to be exact.
This is an operation designed to promote the platform in the criminal ecosystem, and it is not the first time this has happened.
Cybersecurity companies, among them the threat intelligence company Cyble and the Italian D3Lab, immediately noticed that the archives were available online.
The announcement of the dataset, which holds information on more than 1.2 million credit/debit cards, appeared on a notorious forum frequented by cybercriminals.
The availability of such a large amount of payment card data exposes cardholders to the risk of financial fraud, and unfortunately there are many Italians among them.
Leaked data includes credit card number, expiration date, 3-digit card verification value (CVV), cardholder name, associated bank name, full address, date of birth, email and phone number. The database also includes social security numbers for cardholders in the United States.
In short, everything a cybercriminal needs to operate in the name and on behalf of unsuspecting users.
According to Cyble, the payment card data belongs to cardholders around the world, including the United States, Canada, India, Bangladesh, Saudi Arabia, United Arab Emirates, Indonesia, Malaysia and Singapore.
“Our detailed statistical analysis revealed that American Express (USA) is the hardest hit. The top ten countries with affected consumers are the United States, India, Brazil, United Kingdom, Mexico, Turkey, Spain, Italy, Australia and China,” reads the report published by Cyble.
| NAME OF THE BANK | NO. OF CARDS |
|---|---|
| AMERICAN EXPRESS, USA | 150,663 |
| FISERV SOLUTIONS, LLC | 24,491 |
| WELLS FARGO BANK | 18,818 |
| THE FIFTH THIRD BANK | 18,007 |
| ITAU UNIBANCO | 16,130 |
| UNITED STATES BANK | 13,268 |
| BANK OF AMERICA | 11,173 |
| FIDELITY INFORMATION SERVICES, INC | 10,767 |
| JACK HENRY & ASSOCIATES | 10,553 |
| BARCLAYS BANK, USA | 7,669 |

| COUNTRY | NO. OF CARDS |
|---|---|
| UNITED STATES | 676,899 |
| INDIA | 158,626 |
| BRAZIL | 60,890 |
| UK | 24,233 |
| MEXICO | 21,156 |
| TURKEY | 16,171 |
| SPAIN | 14,993 |
| ITALY | 13,391 |
| AUSTRALIA | 12,671 |
| CHINA | 12,664 |
In this regard, I contacted Andrea Draghetti, a cybersecurity expert who works for D3Lab, asking for details on their discovery and on the number of Italian users' cards potentially involved.
Although the analysis of the archive is still in progress, and therefore we do not have complete data, the Italian records identified so far are about 14,000.
“The records are valid, the data is true and belongs to people and credit cards that really exist,” Draghetti explains. “However, only 30% of them contain credit cards never shared before on the deep and dark web. Based on the feedback that some lenders have provided us, of these newly shared cards, most are already blocked for previous suspicious activities. These archives are usually created with cards that come from web skimmers, and these archives serve to promote illegal stolen credit card shops. It is therefore plausible that they “give away” cards that have already been used / resold in the past but are still valid.”
However, the data in the archive, even if it belongs to blocked cards, can still be used in fraudulent activities, such as identity theft or financial fraud.
Carding platforms are important elements of the criminal ecosystem; they represent the reference point for the sale and purchase of stolen payment card data. One of the most popular carding sites of all time was Joker Stash. Its operators retired in February 2021 and, according to Forbes, the administrator reportedly amassed a billion dollars in Bitcoin with his business.
After the closure of Joker Stash, many other carding sites have established themselves in the criminal underground, among them the platforms “Ferum Shop”, “UAS” and “Trump Dump.”
“Since then, we have seen an increase in the emergence of several new platforms for the sale of debit and credit cards to meet the illegal demand for compromised payment cards,” Cyble continues.
BidenCash launched in April 2022 and was considered a low-key credit card shop. However, operators have pursued an aggressive commercial strategy, periodically releasing batches of payment card data free of charge.
In June 2022, BidenCash released over 7.9 million payment card data records from 2019 to 2022.
Monitoring of these platforms by security companies, banks, and obviously law enforcement agencies is crucial.
Promptly identifying batches of “fraudulently obtained” cards can help prevent large losses for financial organizations as well as their holders.