- A new
data leak shows that 4 lakh Indian debit and credit cards of Indian banking customers are for sale on thedark web . - The report by Singapore-based Group IB claims that the cards are being sold for $9 apiece with the overall value of the database estimated to exceed $4.2 million.
- Group IB believes that the details were likely stolen by tracking online transactions, not by skimming details from cards used at ATMs.
“The underground market value of the database is estimated at more than $4.2 million,” said the report stating that each card was being sold for $9 apiece.
The 461,976 payment records include exposed card numbers, expiration dates, and CVV codes. Others have additional information like cardholders’ full names, emails, phone numbers and addresses.
The data can be used to make fraudulent transactions, especially if the accompanying phone numbers is included.
The cybersecurity firm was unable to determine the source of the leak. However, they have passed on the information to India’s Computer Emergency Response Team (CERT-In) so that they can take the necessary steps.
The database is named “INDIA-BIG-MIX” and was uploaded on 5 February 2020.
The data was likely compromised online
According to Group IB, the information found in the database was likely compromised online. That’s what makes it different from the data leak from last year.
“In the current case, we are dealing with so-called fullz… with the use of phishing, malware or JS-sniffers,” said Group IB.
In October 2019— when the same portal was found to be $4 — the firm believed that the information was stolen from magnetic stripes on cards.
“Early data analysis suggests the card details may have been obtained via skimming devices, installed either on ATMs or point of sale (PoS) systems,” said the Group IB’s earlier report.
See also:
$4
$4
RBI's new cybersecurity guidelines are pushing India's 1,574 urban cooperative banks to bring digital services up to snuff>$4