A database containing more than 450,000 payment card details of Indian banks has been uploaded on to the darknet, Singapore-based cybersecurity company Group-IB has revealed.
The entire database has 461,976 payment card records, of which 98% belong to large Indian banks, the firm said, and was uploaded on to card shop website Joker’s Stash, used by cybercriminals to buy and sell card data on the darknet.
The darknet is a network of secret websites that exist on an encrypted network, hidden from the internet as we see it.
The website holds large datasets of cards and claims that it hosts the most current payment card details accessed through breaches, rather than through hosting recycled data.
Group-IB did not reveal the names of the Indian banks.
The database contains card numbers, expiry dates, CVV/CVC codes, full names of cardholders, email ids, phone numbers and addresses.
According to Group-IB estimates, the underground market value of the database is more than $4.2 million at $9 apiece.
As of February 6, 16 cards have been sold. The source of the database, however, remains unknown, Group-IB said.
The firm has informed the Indian Computer Emergency Response Team (CERT-In), the country’s nodal cyber security agency, about the sale of the payment records.
CERT-In did not reply to ET’s queries until press time on Friday.
“Such type of data is likely to have been compromised online — with the use of phishing, malware…we have shared all the information discovered with our colleagues from CERT-In,” said Dmitry Shestakov, Head of Group-IB’s cybercrime research unit.
This is the second major incident related to upload of payment records of Indian cardholders that Group-IB has reported in the last six months.
The new database is different because these cards were likely compromised online, it said.
In the first case reported in October, card dumps (the information contained in the card’s magnetic stripe) could have been stolen through compromised offline point of sale terminals, it said.