Underground Carding Marketplace BidenCash Leaked 2 Million Credit Cards

BidenCash, a new entrant in the underground carding business, has announced a 1-year anniversary promotion in which it is offering the data of 2 million credit cards for free.

This leaked dataset comprises credit card information sourced from various regions globally, with a considerable proportion of the cards issued in the following locations:-

  • The United States
  • China
  • Mexico
  • India
  • Canada
  • The UK

It has come to light that the compromised data includes over 500,000 email addresses, each of which is linked to its corresponding credit card number and even the CVV code. 

To make matters worse, all this sensitive information was in plain text, making it easy for unauthorized access and potential misuse.

Types of Data Involved

There are a number of cardholder details that have been leaked, including:-

  • Full names
  • Card numbers
  • Bank details
  • Expiration dates
  • Card verification value (CVV) numbers
  • Home addresses

It is a common practice for cybercriminals to trade stolen information via the dark web. However, in the case of BidenCash, the situation is unique as the individual responsible for managing the carding site has opted to release a massive amount of sensitive data into the public domain, which could have severe repercussions.

According to the report, It’s important to highlight that the screenshot mentioned above displays a whopping 260 MB of data that has been exposed. Furthermore, this leaked information has found its way onto a renowned Russian-language hacker forum, which could lead to further illicit activities.

It has come to light that malicious individuals, commonly referred to as threat actors, resort to procuring payment cards that have passed their expiry date to acquire additional details regarding potential targets.

The compromised data in question comprised a minimum of:-

  • 740,858 credit cards
  • 811,676 debit cards
  • 293 charge cards

Debit cardholders face a comparatively greater degree of risk than credit cardholders because of varying fraud protection policies.

Records Leaked by Country

As a result of the data leaks, the following countries have the most records:-

  • UNITED STATES: 965,846
  • MEXICO: 97,665
  • CHINA: 97,003
  • UNITED KINGDOM: 86,313
  • CANADA: 36,906
  • INDIA: 36,672
  • ITALY: 23,009
  • SOUTH AFRICA: 22,798
  • AUSTRALIA: 21,361
  • BRAZIL: 19,700

Most Impacted Banks

Below is a list of the top ten most impacted banks in order of impact:-

  • CHASE BANK USA, N.A.: 118,826
  • BANK OF AMERICA, N.A.: 98,631
  • WELLS FARGO BANK, N.A.: 62,650
  • CAPITAL ONE BANK (USA), NATIONAL ASSOCIATION: 50,832
  • CITIBANK N.A.: 47,851
  • BANK OF AMERICA, NATIONAL ASSOCIATION: 35,249
  • BBVA BANCOMER, S.A.: 28,296
  • CAPITAL ONE BANK (USA), N.A.: 27,192
  • Others: 1,696,173

The exposure of email addresses and complete personal information in the compromised data makes the affected individuals susceptible to a host of additional cyberattacks, such as:-

  • Phishing
  • Identity theft
  • Scams

Despite the expiration of their card details, the risks associated with these cards can persist for a considerable period of time.

As observed in the case of BidenCash, cybercriminals often engage in fraudulent activities by making use of illegally obtained credit cards, which they procure from online carding marketplaces. This is a common practice among malicious actors seeking to make a quick profit through illegal means.

Network Security Checklist – Download Free E-Book

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…

9 hours ago

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…

2 days ago

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…

2 days ago

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…

2 days ago

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…

3 days ago

Notorious WrnRAT Delivered Mimic As Gambling Games

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…

3 days ago