Cyber-security researchers on Wednesday said they have discovered a massive leak involving over nine million cardholders' financial data that includes customers of the State Bank of India (SBI).
The threat intelligence team of AI-driven Singapore-headquartered CloudSEK discovered a threat actor advertising a database of 1.2 million cards for free on a Russian-speaking Dark Web cybercrime forum.
This followed another incident of 7.9 million cardholder data advertised on the
BidenCash website.
Unlike previous records, this time, the hackers released sensitive Personal Identifiable Information (PII) information such as SSN, card details and CVV, the team revealed.
"State Bank of India, Fiserv Solutions LLC, and American Express were some of the top banking institutions which were affected. There were approximately 508,000 debit cards breached with 414,000 records of
Visa payment network followed by Mastercard," the security researchers said.
The majority of personal emails associated with the card details were exposed. Other official email records were found to be exposed associated with SoftBank, Bank of Singapore, and
World Bank from the previous data breach by BidenCash.
"Marketplaces like BidenCash emerge frequently where the threat actors trade-sensitive card data for carding and cloning services. While the modern-day security mechanisms are able to minimise the impact, threat actors regularly check to deploy new methods to bypass them," said
Rishika Desai, Cyber Threat Researcher- CloudSEK.
Leaked PII could enable threat actors to orchestrate social engineering schemes, phishing attacks, and even identity theft.
"Exposed card details might be used by them to carry out attacks such as card trafficking, card cloning, and unauthenticated transactions to facilitate illegal purchases," said researchers.
The motivation behind these data leaks was to gain more traffic to their website and establish a reputation.
The BidenCash forum became active in early February 2022. Post that the threat actor resorted to various ways to gain traffic to his website such as spamming comments on websites.
"On a personal level, trying to track your card transactions, and being aware of malicious sites luring off a great deal can help prevent to a greater extent. With the BidenCash group trying to gain popularity through various measures, leaking card data motivate other groups to follow the same steps," Desai noted.
SEE ALSO:
One-year-old fitness startup by IIT graduates raises $3.4 million in seed fundingBYJU's consolidates India business, 5% workforce to be 'rationalised' across teams
Next Story
2 states where home prices are falling because there are too many houses and not enough buyers
US buys 81 Soviet-era combat aircraft from Russia's ally costing on average less than $20,000 each, report says
A couple accidentally shipped their cat in an Amazon return package. It arrived safely 6 days later, hundreds of miles away.
9 health benefits of drinking sugarcane juice in summer
10 benefits of incorporating almond oil into your daily diet
From heart health to detoxification: 10 reasons to eat beetroot
Why did a NASA spacecraft suddenly start talking gibberish after more than 45 years of operation? What fixed it?
ICICI Bank shares climb nearly 5% after Q4 earnings; mcap soars by ₹36,555.4 crore
