Around 1.3 Million Indian Payment Cards Are On Sale On The Dark Web

Aadhya Khatri - Oct 30, 2019



This incident is by far the largest card dump involving Indian banks. All proper authorities have been notified of the data breach.

In what security researchers call one of the largest card dumps of the past few years, details of over 1.3 million payment cards are now for sale on Joker’s Stash. The site is by far the biggest carding shop on the internet.

The information comes mainly from Indian cardholders, and according to Group-IB, a cyber defense company, the hackers are charging around $100 per card, bringing the total earnings to $130 million.


Since the breach was discovered only hours ago, the company has not had enough time to trace the source of this massive and serious data leak.

For now, all we have is some data analysis suggesting that the data might have been gathered by skimming devices on PoS systems or ATMs.

These projections are based on the fact that the card dump contains Track 2 data, which is found on the magnetic stripe of a payment card. This also eliminates the theory that the hackers installed skimmers on websites, since websites have no information on Track 1 and Track 2.

In addition, these cards are issued by several different banks, not just one, so it is impossible that only one bank’s ATMs are compromised.

In a report from Group-IB, the company said that its researchers had analyzed over 550,000 card dumps. We will hear more from the company when it issues an official report today.

According to the company, over 98% of the cards came from banks in India, and the rest belong to banks in Colombia. Furthermore, among the 550,000 cards, 18% were issued by a single bank based in India.

What makes this recent card dump serious is its sheer magnitude. Other similar incidents involve fewer cards’ details, and the cards usually come from all over the world rather than from a single country that accounts for more than 90%. For example, the picture below shows a card dump on Joker’s Stash in which the list of countries varies:

Other card dumps involve banks from all over the world

According to security researchers, Joker’s Stash is like a marketplace where hackers and other criminal groups sell and buy payment card information, which they usually advertise as card dumps.

Joker’s Stash is among the oldest shops you can find on the dark web, and it has long been the place where cybercriminal groups like FIN7 and FIN6 sell the card dumps that they steal.


Those who buy the card information from marketplaces like Joker’s Stash mainly want to clone the cards so that they can withdraw money from ATMs in “cash outs.”

This card dump involving a large number of Indian banks is the third major data breach this year in terms of magnitude.

Back in February, the details of more than 2.15 million American cardholders were on sale on the same marketplace. This was part of the “DaVinci Breach,” a large card dump.

Another similar incident took place in August, when the information from 5.3 million cards stolen from customers of Hy-Vee was put up for sale on Joker’s Stash.

South Korean users also fell victim to a data breach this year, in two smaller card dumps involving information on 230,000 and 890,000 cards in June and July.

Unlike other smaller incidents, this card dump was uploaded in one go, which suggests that the hackers might want to sell them as soon as possible before Indian banks find out about the breach and come up with countermeasures.

According to Group-IB, cards from these regions are rare on the dark market, and this is the largest card dump related to Indian banks. All proper authorities have been notified of the incident.
