Thousands Of Card Details And Users' Data Land On The Darknet

01/25/2022 | Cybercrime, Darknet News

First things first: over the last six months, users' private information has been leaked and traded on the dark web for as little as $10. Data from the US and UK makes up the highest percentage of the information being sold on the dark web, from personal data and credit card details to social security numbers. For those who might not be aware, the dark web is a part of the internet that is only accessible through special browsers. It's arguably the most secretive part of the internet and it's not visible to search engines.

Most of the information being sold on the dark web is obtained by hackers who gain unauthorized access to various servers. The information is later sold on the dark web in exchange for Bitcoin. In some instances, the hackers may demand that the victims pay a ransom. In such circumstances, failure to pay the requested money usually leads to exposure of this information.

Among the information that is slowly crowding most dark web marketplaces are debit and credit card details. In 2021 alone, more than 1.8 million credit cards landed on the dark web. Half of these are from the U.K. and the United States.

Trade on credit and debit cards

The year 2019 is remembered as the year that the trade on stolen credit and debit card details went to a whole new level. Hackers allegedly dumped more than 30 million credit card records on the dark web. The cards were stolen during a data breach that took place at a US gas station and a chain of convenience stores.

The breach, which remained undetected for almost nine months, was the result of an attack on POS (point of sale) devices. More than 860 stores were affected, and 600 of the affected stores were gas stations. The company was hit at the core and it has been very difficult to recover from the attack.

The cards being sold come with all the information needed to make a purchase: the name on the card, the number, the expiry date and the CVV number. Since the Coronavirus pandemic hit in early 2020, there has been an increase in the number of cards being sold on the dark web. This is because more people are shopping online and are being targeted by the fraudsters.

Now, this information is stolen in different ways. The most popular tactic is tricking targets into clicking on malicious links. The links, which are usually sent by mail or message, put malware on the targets' computers. After planting the malware, the hackers can easily track keystrokes. Another method is finding security flaws in retail or banking websites that enable the theft of card details. Hackers can also create replica sites of a legitimate website. This is currently the most effective method because most victims don't seem to know about it.

In a recent publication on its website, CyberIn, a cybersecurity firm, disclosed that several debit and credit cards had recently landed on different marketplaces on the dark web. The firm didn't disclose the identity of the forums or markets where such information was posted, but some of the most dominant carding marketplaces are UniCC, AllWorld.Cards and CrdClub, a Russian-speaking forum.

One specific incident took place on January 14, when a vendor on a Russian-speaking underground forum offered to sell unauthorized shell accesses, allegedly for a Spanish e-commerce company. Even though the dark web vendor did not detail how this access was obtained, it is stated that 70% of the accesses are credit and debit cards and 20% of those are PayPal. The vendor also set a starting price of $200 for the auction. It's alleged that messages from interested bidders had already flooded the vendor's inbox.

UniCC Announces its retirement

This information comes barely a week after UniCC announced its retirement. UniCC, which is arguably the largest market for credit and debit cards in operation right now, has been in the business for around 8 years. The site started operating in 2013 and ever since, it has been home to millions of stolen credit and debit card details. Most sellers and buyers of such information who operate on this platform are really heartbroken. Of course they have reason to be worried, even though dark web enthusiasts expect the gap left behind to be filled soon.

In the US alone, more than 100,000 cards landed on the dark web in the last month. The average price of a card ranges from $10 to $20. But remember, they're sold in bulk, so the trade generates a lot of money. Payments are strictly made in cryptocurrency because of the difficulty in tracing transactions.

Something most people don't know is that Telegram is another place where vendors sell these cards. Through various Telegram channels, the traders advertise their products to the subscribers, who are also the customers. In most instances, a dark web marketplace has a side Telegram channel. It's through Telegram that most communications are made.

On the same note, CardStarterOfficiall and Gift Card Market are just examples of the most dominant players. On these channels, hundreds of card details are listed for sale, and the moderators are always there for any form of assistance or inquiry. Gift Card Market, as its name suggests, mainly focuses on the sale of stolen gift cards.

Other incidents

In January 2022 alone, a lot of information has already been posted on various dark web marketplaces and forums.

On January 5, a stolen database of Skyxe Saskatoon Airport was posted on the dark web. The vendor who posted the information also shared samples to demonstrate the contents of the database. According to the shared samples, the documents include airport plans, financial sheets and sensitive contracts. The vendor also stated that the database was obtained on December 3, 2021, and is up to date.

On January 13, a Portuguese media giant was hacked, and the post announcing the attack was detected in the Lapsus$ ransomware group's Telegram channel.

The message, which was posted in both English and Portuguese, read: “Over 50tb of data is copied from the cloud and intranet systems over the past weeks and has been erased from the Ministério da Saúde systems.”

They further requested the media group to contact them for a discussion: “We request for the Ministério da Saúde ADMIN/EXECUTIVE to contact us on [email protected] for the data return. and to avoid leakage.” So far, the media company, which has a TV channel, a newspaper and various magazines, with a revenue of over $19 million, hasn't said a word on the incident.