A dark web card marketplace called “BidenCash” released a huge dump of 1,221,551 credit cards to promote their marketplace, allowing anyone to download them for free to conduct financial scams.
Carding is the trading and use of credit cards stolen by point-of-sale malware, Magecart attacks on websites, or information-stealing malware.
BidenCash is a stolen card marketplace that launched in June 2022 and leaked a few thousand cards as a promotional ploy.
Now the operators of the market have decided to promote the site with a much more massive dump in the same way that the similar platform All World Cards did in August 2021.
Threat actors yesterday announced the credit card dump on new URLs that BidenCash launched late last month in response to distributed denial of service (DDoS) attacks, so this could be a way to promote the new shop domains.
To ensure wider reach, the crooks spread the collection through a clearnet domain and other hacking and carding forums.
The freely circulating file contains a mix of “fresh” cards from around the world expiring between 2023 and 2026, but most of the entries appear to be from the United States.
The dump of 1.2 million credit cards includes the following credit card and associated personal information:
- card number
- expiry date
- CVV number
- owner’s name
- bank name
- card type, status and class
- address, state and zip code of holder
- phone number
Not all of the above details are available for all 1.2 million records, but most of the records BleepingComputer has seen contain over 70% of the data types.
The “Special Event” offer was first spotted on Friday by Italian security researchers from D3Lab, who monitor carding sites on the dark web.
The analysts claim that these cards mainly come from web skimmers, which are malicious scripts injected into the checkout pages of hacked e-commerce websites to steal submitted credit card and customer information.
Authenticity of the dump
Dark web posts and offers of this size are usually scams, so the massive dump of cards could easily be fake data or recycled data from old dumps repackaged under a new name.
BleepingComputer has discussed the authenticity with analysts from D3Lab, who confirmed that the data at several Italian banks is genuine, so the leaked entries correspond to real cards and cardholders.
However, many of the entries were reused from previous collections, such as the one that All World Cards gave away for free last year.
Of the data D3Lab has examined so far, about 30% appears to be fresh, so if that’s roughly true of the entire dump, at least 350,000 cards would still be valid.
Of the Italian cards, around 50% have already been blocked because the issuing banks detected fraudulent activity, which means that the actual usable entries in the leaked collection may be only 10%.