4 lakh Indian debit and credit cards are selling for $9 apiece on the dark web

4 lakh Indian debit and credit cards are selling for $9 apiece on the dark web
India credit card payments and moneyPeresonalIncome.org/Flickr

  • A new data leak shows that 4 lakh Indian debit and credit cards of Indian banking customers are for sale on the dark web.
  • The report by Singapore-based Group IB claims that the cards are being sold for $9 apiece with the overall value of the database estimated to exceed $4.2 million.
  • Group IB believes that the details were likely stolen by tracking online transactions, not by skimming details from cards used at ATMs.
Another four lakh credit and debit card details are up for sale on the dark web, and 98% of them belong to customers from Indian banks. A report by Singapore-based security firm Group IB claims that the payment details were up for sale on Joker’s Stash — a secretive portal on the dark web for hackers to sell card dumps.

“The underground market value of the database is estimated at more than $4.2 million,” said the report stating that each card was being sold for $9 apiece.

The 461,976 payment records include exposed card numbers, expiration dates, and CVV codes. Others have additional information like cardholders’ full names, emails, phone numbers and addresses.
Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

The data can be used to make fraudulent transactions, especially if the accompanying phone numbers is included.

The cybersecurity firm was unable to determine the source of the leak. However, they have passed on the information to India’s Computer Emergency Response Team (CERT-In) so that they can take the necessary steps.

The database is named “INDIA-BIG-MIX” and was uploaded on 5 February 2020.

The data was likely compromised online
According to Group IB, the information found in the database was likely compromised online. That’s what makes it different from the data leak from last year.

“In the current case, we are dealing with so-called fullz… with the use of phishing, malware or JS-sniffers,” said Group IB.

In October 2019— when the same portal was found to be selling the debit and credit card data of 1.3 million Indian banking customers — the firm believed that the information was stolen from magnetic stripes on cards.

“Early data analysis suggests the card details may have been obtained via skimming devices, installed either on ATMs or point of sale (PoS) systems,” said the Group IB’s earlier report.

See also:
Bank details of 1.3 million Indians is up for sale on the dark web

Biggest data leaks of 2019 that hit Indians

RBI's new cybersecurity guidelines are pushing India's 1,574 urban cooperative banks to bring digital services up to snuff