The dark web marketplace BidenCash has leaked a database that contains 2,165,700 debit and credit cards for its first anniversary. The millions of information revealed were even advertised to celebrate the marketplace's first anniversary.

(Photo : Getty Images)

The Leak is Free for All

BidenCash's celebratory announcement stated that they were thrilled to have reached their first anniversary as an online store. It thanked its customers for choosing its store and trusting them to provide "quality products and excellent service."

The massive number of payment cards released was comprised of at least 740,858 credit cards, 811,676 debit cards, and 293 charge cards. Although some were duplicates, that still leaves 2,141,564 unique cards, says D3Lab Head of Threat Intelligence, Andrea Draghetti.

Along with the cards within the dataset were names, emails, phone numbers, and addresses. Card information such as CVV codes and the cards' expiration dates which go up to 2052 was also included, as mentioned in Bleeping Computer.

Aside from the risk of having payment card information exposed to the public, there's also the threat of phishing scams given that around 497,000 unique email addresses were leaked, which totals 28,000 unique email domains, Draghetti mentioned.

Although the validity of the leaked cards is yet to be confirmed, there are still a number of scams that cybercriminals can use the information for like identity theft and other scams, even after the credit and debit cards expires.

Around 30% of the randomly picked credit cards were analyzed by D3Lab at the time, and it turned out to be usable, which means cybercriminals or fraudsters are fully capable of using them.

Affected Cards

Cyble analyzed the leaked records and release a breakdown of the number of cards in each country and bank, which is as follows:

Countries:

• United States: 965,846

• Mexico: 97,665

• China: 97,003

• United Kingdom: 86,313

• Canada: 36,906

• India: 36,672

• Italy: 23,009

• South Africa: 22,798

• Australia: 21,361

• Brazil: 19,700

Banks:

Chase Bank USA, N.A.: 

• 118,826

Bank of America, N.A.: 

• 98,631

Wells Fargo Bank, N.A.: 

• 62,650

Capital One Bank (USA), National Association: 

• 50,832

Citibank, N.A.: 

• 47,851

Bank of America, National Association: 

• 35,249

BBVA Bancomer, S.A.: 

• 28,296

Capital One Bank (USA), N.A.: 

• 27,192

Others: 

• 1,696,173

Read Also: Hacker Accessed Toyota Supplier Portal and Informs Them of the Breach

Carding Market

BidenCash is in the business of carding, which is a term for a type of credit card fraud where the card is used to charge prepaid cards, making them virtually untraceable so cyber criminals can perform fraudulent acts undetected.

As mentioned in the Payments Journal, there are two types of carding in the market. Either the card information such as the cardholder's name, the card number, and the expiration date is given in text format, or card dumps that hold information from the card's magnetic stripes.

BidenCash is able to steal sensitive information through two methods. First is data-stealing malware, which can be found all over the web and can be installed if the user is not careful, and then there's point-of-sale devices.

Related: Hacker May Have Leaked Activision Employee Data and Upcoming Game Details