Thursday, May 8, 2025
Homecyber securityUnderground Carding Marketplace BidenCash Leaked 2 Million Credit Cards

Underground Carding Marketplace BidenCash Leaked 2 Million Credit Cards

Published on

SIEM as a Service

Follow Us on Google News

BidenCash, a new entrant in the underground carding business, has announced a 1-year anniversary promotion in which it is offering the data of 2 million credit cards for free.

This leaked dataset comprises credit card information sourced from various regions globally, with a considerable proportion of the cards issued in the following locations:-

  • The United States
  • China
  • Mexico
  • India
  • Canada
  • The UK

It has come to light that the compromised data includes over 500,000 email addresses, each of which is linked to its corresponding credit card number and even the CVV code. 

- Advertisement - Google News

To make matters worse, all this sensitive information was in plain text, making it easy for unauthorized access and potential misuse.

Types of Data Involved

There are a number of cardholder details that have been leaked, including:-

  • Full names
  • Card numbers
  • Bank details
  • Expiration dates
  • Card verification value (CVV) numbers
  • Home addresses

It is a common practice for cybercriminals to trade stolen information via the dark web. However, in the case of BidenCash, the situation is unique as the individual responsible for managing the carding site has opted to release a massive amount of sensitive data into the public domain, which could have severe repercussions.

According to the report, It’s important to highlight that the screenshot mentioned above displays a whopping 260 MB of data that has been exposed. Furthermore, this leaked information has found its way onto a renowned Russian-language hacker forum, which could lead to further illicit activities.

It has come to light that malicious individuals, commonly referred to as threat actors, resort to procuring payment cards that have passed their expiry date to acquire additional details regarding potential targets.

The compromised data in question comprised a minimum of:-

  • 740,858 credit cards
  • 811,676 debit cards
  • 293 charge cards

Debit cardholders face a comparatively greater degree of risk than credit cardholders because of varying fraud protection policies.

Records Leaked by Country

As a result of the data leaks, the following countries have the most records:-

  • UNITED STATES: 965,846
  • MEXICO: 97,665
  • CHINA: 97,003
  • UNITED KINGDOM: 86,313
  • CANADA: 36,906
  • INDIA: 36,672
  • ITALY: 23,009
  • SOUTH AFRICA: 22,798
  • AUSTRALIA: 21,361
  • BRAZIL: 19,700

Most Impacted Banks

Below is a list of the top ten most impacted banks in order of impact:-

  • CHASE BANK USA, N.A.: 118,826
  • BANK OF AMERICA, N.A.: 98,631
  • WELLS FARGO BANK, N.A.: 62,650
  • CAPITAL ONE BANK (USA), NATIONAL ASSOCIATION: 50,832
  • CITIBANK N.A.: 47,851
  • BANK OF AMERICA, NATIONAL ASSOCIATION: 35,249
  • BBVA BANCOMER, S.A.: 28,296
  • CAPITAL ONE BANK (USA), N.A.: 27,192
  • Others: 1,696,173

The exposure of email addresses and complete personal information in the compromised data makes the affected individuals susceptible to a host of additional cyberattacks, such as:-

  • Phishing
  • Identity theft
  • Scams

Despite the expiration of their card details, the risks associated with these cards can persist for a considerable period of time.

As observed in the case of BidenCash, cybercriminals often engage in fraudulent activities by making use of illegally obtained credit cards, which they procure from online carding marketplaces. This is a common practice among malicious actors seeking to make a quick profit through illegal means.

Network Security Checklist – Download Free E-Book

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6...

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...