‘Largest ever’ dark web card dump discovered

Credit and debit card database has estimated market value of $130 million

A huge database of payment card records largely belonging to Indian banks has been discovered for sale on the dark web.

The stash was found listed on Joker’s Stash, an underground ‘card shop’, on October 28 and holds more than 1.3 million credit and debit card records, making it the largest database of its kind ever discovered. Substantial payment leaks have occurred before, but they are usually uploaded in several smaller parts at different times.

Group-IB, the Singapore-based cyber security firm that detected the leak, estimated the market value of the database to be around $130 million. Researchers for the company warned the data could be used to clone cards capable of withdrawing cash.

Analysis of the breach revealed that 98 percent of the cards belong to Indian banks and a small portion (1 percent) belong to Columbian banks. Almost a fifth of the records belong to a single Indian bank, whose identity the researchers did not disclose.

“This is indeed the biggest card database encapsulated in a single file ever uploaded on underground markets at once,” said Ilya Sachkov, CEO and founder of Group-IB.

“What is also interesting about this particular case is that the database that went on sale hadn’t been promoted prior either in the news, on card shop or even on forums on the dark net,” Sachkov added.

“The cards from this region are very rare on underground markets, in the past 12 months it is the only big sale of card dumps related to Indian banks. Group-IB’s Threat Intelligence customers have already been notified about the sale of this database. The information was also shared with proper authorities.”