One of the most recent players in the underground carding business, BidenCash, is giving away data for 2 million credit cards for its 1-year anniversary promo.
According to Hackread.com, the leaked info contains more than 500,000 email addresses with associated credit card numbers and even CVV codes, all in plain text.
Info on over 2.1 million cards belonging to people from around the world is included in the carding dump, predominantly from users in the US, Canada, Mexico, the UK, Italy, India, China and Australia.
The leaked datasets also include users’ full names, and banking details such as expiry dates and home addresses.
“We are thrilled to have reached our first year anniversary as an online store, and we couldn’t have done it without your support! Thank you for choosing our store and for trusting us to provide you with quality products and excellent service,” the post reads. “We are proud to have you as a customer and we look forward to continuing to serve you in the coming years. Your loyalty and trust are what motivate us to keep improving and growing our business.”
Researchers also noted the trove of data conveniently wrapped in a 260 MB file was also leaked on a separate Russian hacking forum.
The exposed financial data and associated personally identifiable information may pose significant financial risks to affected individuals long after their exposed credit card expires.
While some of the credit cards peddled on illicit underground marketplaces may have already been blocked by the issuing bank (due to fraudulent activity), it doesn’t mean that the associated data of credit card holders can’t be used in further crimes.
The data dump released by BidenCash contains a variety of personally identifiable information that puts consumers at risk of phishing attempts, identity theft and other related scams.
Caution and proactive measures are necessary when dealing with identity-related crimes. Check out Bitdefender Identity Theft protection plans (US only) to fight identity theft and stem the financial and emotional damages it inflicts. Our solution combines advanced detection technology, financial account monitoring real-time alerts, 24/7 US-based support, and identity recovery. It monitors your SSN, email address and phone numbers in places where they should not be listed (including the Dark Web) and alerts you to changes in your address, court records in your name, and payday loans taken out in your name.