Contents:
A database containing over 2 million debit and credit cards was released for free by carding marketplace BidenCash, in celebration of its first anniversary. The threat actors advertised the massive leak on an underground cybercrime forum to attract as much attention as possible.
The Leak in Detail
The leaked database contained personal information such as names, email addresses, home addresses, phone numbers, and payment card details including expiration dates and CVV codes, with expiration dates as far as 2052.
We are thrilled to have reached our first year anniversary as an online store, and we couldn’t have done it without your support! Thank you for choosing our store and for trusting us to provide you with quality products and excellent service,
BidenCash Leak Announcement
BidenCash Credit Cards Leak (Source)
According to BleepingComputer, the database contained about 497,000 unique email addresses, with more than 28,000 unique email domains, which could be used in future targeted phishing scams and other fraud campaigns.
So far, cybersecurity researchers weren’t able to confirm how much information from the leaked database is actually valid. Still, the risk of information being used by threat actors for malicious purposes cannot be underestimated.
The leakage of the email addresses and PII will increase the victims’ risk of being targeted in future attacks such as phishing, identity theft, and others scams for a long time past the expiration of their card details.
Not the First BidenCash Leak
Because free credit card leaks have long been a feature of the carding marketplace industry, BidenCash has also used them in the past to promote itself.
Similar to what happened this week, the carding shop provided another free dump of 1,221,551 credit cards in October. The threat actors shared it using a clearnet domain and many other hacking and carding forums.
BidenCash has been active since February 28, 2022, and its already the fifth-largest carding shop based on total volume.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.