Indian’s Credit, Debit Card Up For Sale On Dark Web: Group IB

New Delhi. A Singapore based Cyber Security Company Group-IB that specializes in preventing cyber attacks, has detected a database of 4,61,976 card payments details uploaded to one of the most popular darknet card shops Joker’s Stash, one of the most secretive portals on the darknet for buying such financial information.

Data Leak

Group-IB said it already informed Indian watchdog Computer Emergency Response Team (CERT) about the leak, so they could take immediate steps to stop the misuse of these card details.

Type of Data
According to the company over 98% of data available on Joker’s Stash were from the biggest Indian banks. The underground market of the data valued around $4.2 million per user Joker’s Stash fixed the price of $9. But the source of this batch currently remains unknown, the company said.

Company also unveils that the data, put up for sale on Joker’s Stash, includes sensitive details like 14-16 digit card numbers, Expiration dates, CVV/CVC codes, Cardholders’ names, and even their email addresses said Group-IB.

"On February 5, a new database under the name "INDIA-BIG-MIX" (full name: [CC] INDIA-BIG-MIX (FRESH SNIFFED CVV) INDIA/EU/WORLD MIX, HIGH VALID 80-85%, uploaded 2020-02-05 (NON-REFUNDABLE BASE) went on sale on the Joker's Stash - one of the most popular underground card shops," Company said.

Not first time
Group-IB said in his statement that this is the second instance of Indian cardholders' details being put up for sale on Joker's Stash that has been detected by company. In October 2019, the firm found a database of around 1.3 million credit and debit card records of mostly Indian banks' customers uploaded to the Dark Web cardshop.

How hackers target
Head of Group-IB Cybercrime research unit Dmitry Shestakov said that such type of data is likely to have been compromised online - with the use of phishing, malware, or JS-sniffers - while in the previous case, we dealt with card dumps (the information contained in the card magnetic stripe), which can be stolen through the compromise of offline POS terminals, for example,".

However, while explaining the scenario the security company mentioned that one of the reasons behind the carding market boosting were the activities of JS-sniffers, which enables their operators to steal payment card data from e-Commerce websites such as Flipkart/Amazon.

RBI’s report on cyber frauds
According to the Reserve Bank of India’s 2018-19 annual report, there were 1,866 instances of frauds through cards and internet banking. An average of Rs. 20 lakh was stolen per fraud, the RBI’s data said.

What do we do?
As I go through the details and recent news that India is the third most vulnerable country in the world when it comes to cyber threat risk, security solutions provider Symantec had pronounced last year. All of which goes to make the point that with increased digitization and even increased centralized of datasets, the risk of remote agents crippling the country’s assets has also risen fearfully.

So I suggest that strengthening our cyber security management and digital awareness must keep pace. As we know, in rural areas people have a lack of awareness on these issues even they don’t know how they complain if there is any cyber attack or data theft. We have recently noticed several incidents where their data or money had been lost in a cyber attack or financial fraud. More recently a special web series has come on this issue on Netflix attention more about these issues.

We at Social Media matters have been working on raising awareness about online safety via workshops, research and content. In case you would like to book a workshop with us, please get in touch us.
Copyright © 2024 Social Media Matters. All Rights Reserved.