Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has detected that a huge database holding more than 1.3 million credit and debit card records of mostly Indian banks’ customers was uploaded to Joker’s Stash on October 28. The underground market value of the database is estimated at more than $130 million.
Joker's Stash is one of the oldest card shops on the dark web and is known as the place where major hackers sell card dumps.
The debit and credit cards belong to multiple Indian banks and are being sold for $100 each, in what security researchers have dubbed one of the biggest card dumps in recent years.
Early data analysis suggests the card details may have been obtained via skimming devices, installed either on ATMs or PoS systems.
This is because the card dump includes Track 2 data, which is normally found only on a payment card's magnetic stripe. The presence of this kind of data automatically rules out skimmers installed on websites (Magecart attacks), which capture the card details typed into checkout forms and never see Track 1 or Track 2 data.
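The inference above (track data present, therefore a physical skimmer rather than a web skimmer) can be turned into a classifier that a bank's fraud team or a DLP pipeline could run over a suspected dump. The following Python is an added example, not code from Group-IB's report: the sample records are constructed and use publicly known test PANs, the field layouts follow the ISO/IEC 7813 Track 1 and Track 2 format, and the "card-not-present" pattern is an assumed shape for form captures. It parses Track 2 records, checks the PAN with Luhn, masks it for logging, and summarizes what kind of data a dump contains.

```python
import re

# Constructed sample records (test PANs only, not real cards). Three shapes:
# magstripe Track 1, magstripe Track 2, and a card-not-present form capture of
# the kind a web skimmer would exfiltrate. The last line is filler.
SAMPLE_DUMP = [
    ";4111111111111111=25121011234567890?",
    "%B5555555555554444^DOE/JANE^2512101123456789?",
    "pan=4012888888881881&exp=12/25&cvv=123",
    "garbage line with no card data",
]

# ISO/IEC 7813 layouts: Track 2 = ;PAN=YYMM+service code+discretionary data?
# Track 1 = %B PAN ^ name ^ YYMM + service code + discretionary data ?
TRACK2_RE = re.compile(
    r";(?P<pan>\d{13,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>[^?]*)\?")
TRACK1_RE = re.compile(
    r"%B(?P<pan>\d{13,19})\^(?P<name>[^^]{2,26})\^(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>[^?]*)\?")
# Assumed shape for e-commerce/form captures: a labelled bare PAN, no sentinels.
CNP_RE = re.compile(r"(?:pan|card|cc|number)=(?P<pan>\d{13,19})", re.I)


def luhn_ok(pan: str) -> bool:
    """Standard Luhn check digit validation of a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the 6-digit BIN and last 4 so analysts can attribute the issuer
    without the full PAN ending up in tickets or logs."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def parse_track2(record: str):
    """Return the Track 2 fields of a record, or None if it carries none."""
    m = TRACK2_RE.search(record)
    if not m:
        return None
    svc = m.group("svc")
    return {
        "pan_masked": mask_pan(m.group("pan")),
        "issuer_bin": m.group("pan")[:6],
        "expiry_yymm": m.group("exp"),
        "service_code": svc,
        # First service-code digit 2 or 6 marks a chip-capable card (ISO 7813).
        "chip_capable": svc[0] in ("2", "6"),
        "luhn_valid": luhn_ok(m.group("pan")),
    }


def classify(record: str) -> str:
    """Label a record by the kind of card data it carries."""
    has_t1 = TRACK1_RE.search(record) is not None
    has_t2 = TRACK2_RE.search(record) is not None
    if has_t1 and has_t2:
        return "track1+track2"
    if has_t1:
        return "track1"
    if has_t2:
        return "track2"
    if CNP_RE.search(record):
        return "cnp"
    return "none"


def summarize(records):
    """Count record types and apply the article's reasoning: any magstripe
    track data points to a physical skimmer (ATM/PoS), not a web skimmer."""
    counts = {"track1": 0, "track2": 0, "track1+track2": 0, "cnp": 0, "none": 0}
    for rec in records:
        counts[classify(rec)] += 1
    magstripe = counts["track1"] + counts["track2"] + counts["track1+track2"]
    if magstripe > 0:
        source = "physical skimmer (ATM/PoS)"
    elif counts["cnp"] > 0:
        source = "web skimmer or phishing (card-not-present)"
    else:
        source = "unknown"
    return {"counts": counts, "magstripe_records": magstripe, "likely_source": source}


if __name__ == "__main__":
    for rec in SAMPLE_DUMP:
        print(classify(rec), parse_track2(rec))
    print(summarize(SAMPLE_DUMP))
```

Running it on the constructed dump reports two magstripe records and one card-not-present record, so the summary attributes the data to a physical skimmer, which is exactly the argument the article makes about the "INDIA-MIX-NEW-01" base.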
According to Group-IB’s report, the database under the name “INDIA-MIX-NEW-01” (full name: “INDIA-MIX-NEW-01 (fresh skimmeD INDIA base): INDIA MIX TR1+TR2/TR2, HIGH VALID 90-95%, uploaded 2019-10-28 (NON-REFUNDABLE BASE”) has been on sale on one of the most notorious underground card shops, Joker’s Stash, since October 28, 2019. The database contains only Track 2 credit and debit card dumps, although its name suggests that it holds both Track 1 and Track 2 records. Track 2 dumps can be used to produce cloned cards for further cashing out.
“It is true that big payment data leaks have happened before; however, the databases are usually uploaded in several smaller parts and at different times. This is indeed the biggest card database encapsulated in a single file ever uploaded on underground markets at once. What is interesting about this particular case is that the database that went on sale hadn’t been promoted prior either in the news, on card shop or even on forums on the dark net. The cards from this region are very rare on underground markets; in the past 12 months it is the only big sale of card dumps related to Indian banks,” says Ilya Sachkov, CEO and founder of Group-IB.
Most earlier card dumps were released in small batches over time, whereas the Indian card dump was published in one go, suggesting the hackers may want to monetize as many cards as possible before banks intervene to deploy countermeasures or invalidate the cards.