According to cybersecurity firm Q6 , a Russian hacking group posted information about 1 million credit card accounts on the dark web and has made the stolen information available to criminals for fraudulent use.
The cards were stolen between 2018 and 2019 and were leaked on a marketplace of stolen cards called AllWord.Cards.
According to Cyble researchers, hackers leaked this sample data to promote their dark web transaction marketplace, where more than 20 percent of credit cards are still valid. The marketplace has been in existence since May 2021 and is also accessible on the Tor service.
The leaked information includes credit card numbers, expiration dates, CVV numbers, names, addresses, zip codes, email addresses and phone information.
The breach affected as many as 500 banks, including JPMorgan Chase and Toronto-based TD Bank, with some 83,433 cards originating from the United States.
The leak was also analyzed by Italian cybersecurity firm D3 Labs, which says more than 50 percent of the cards are still valid.
The researchers said, "At the moment, feedback back to our analysis team is still limited, but the leaked out credit cards are still running have 50% and have not yet been identified as compromised."
"Cards marketed on swipe sites usually have different sources: gas station or supermarket point-of-sale skimmers, from phishing, from the databases of compromised sites, and so on. "
The D3 Labs researchers said the All World Cards planners began advertising their services on their website in early June.
"Conceivably, the data was shared for free to entice other criminal actors to frequent their sites and buy additional stolen data from unsuspecting victims. " the researchers said.
Because the data was stolen several years ago, it may be difficult to determine where they came from, whether from a single source or multiple sources, according to Javvad Malik, KnowBe4's security awareness advocate.
"This suggests that criminals can also exploit preexisting security vulnerabilities to gain control again years after the fact if the breach is not obvious or noticed. Therefore, all businesses should be vigilant at all times. "He said.
"The good news is that the banking industry has tested risk controls in place to deal with stolen credit cards and fraudulent transactions. Consumers should always double-check their bank statements to ensure there are no unknown transactions, and if there is any suspicious activity, they should contact their bank as soon as possible to freeze the old card and use a new one. "