Singaporean cybersecurity company Group-IB has found around 400,000 payment card records of US and South Korean financial organisations on dark web Joker’s Stash.
The dark web has set a $1.99m price tag to the entire credit and debit card data set, which exposes 397,365 card records.
Of these, the majority are said to be South Korean card records accounting for up to 198,233 items or 49.9% of the records.
Around 49.3% of the records are said to be from US banks and financial organisations.
Individual cards are available at $5 each. The seller claims that the data set has a validity rate of nearly 30-40%.
Group-IB called the dump the “biggest sale of South Korean records on the dark web in 2020”.
The data dump holds Track 2 data including the data stored on the card’s magnetic stripe, bank identification number (BIN), account number, expiration date, as well as the card verification value (CVV).
“The Track 2 data (also referred as card dumps) is used for card present transactions and usually comes from infected POS terminal, from ATM skimmers or breached merchant’s payment system,” the cybersecurity company said.
The source of the compromised data is unknown, noted Group-IB.
The cybersecurity firm has already alerted the national CERTs (computer emergency response teams) and affected financial organisations about the breach.
Group-IB senior threat intelligence analyst Shawn Tay said: “Even though, there is not enough information in this dump to make online purchases, fraudsters who buy this data can still cash out stolen records.
“If a breach is not detected promptly by the card-issuing authority, crooks usually produce cloned cards („white plastic“) and swiftly withdraw money via ATMs or use cloned cards for illicit in-person purchases.”
This February, Group-IB found 461,976 payment card details, mostly from Indian banks, available for sale on Joker’s Stash.