01/29/2020Cybercrime, Darknet News

The market platform Joker’s Stash which is specialized in financial information is starting to publish a new brand of freshly acquired credit card datasets: Dubbed “BIGBADABOOM-III”, Joker’s Stash announced yesterday, that a fresh set of over 30 million credit cards will be released, the first batch was already published on the site. According to Joker’s Stash, the credit card data include over 30.000 Bins with card data from over 40 US States and 100 different countries.

Release Linked to Wawa Breach

According to the self-proclaimed security expert Brian Krebs, the stolen credit cards have come from the Wawa

“Gemini has determined that the point of compromise for BIGBADABOOM-III is Wawa, an East Coast-based convenience store and gas station. CEO Chris Gheysens claimed that the company discovered the breach on December 10, 2019, and removed the malware within two days. However, it had potentially infected all of Wawa’s payment processing servers and collected customer payment card data since March 4, 2019. This data reportedly included card numbers, expiration dates, and cardholder names. While the full extent of the breach remains unknown, it may affect all payment terminals and fuel dispensers at every Wawa location.”

Furthermore, the Wawa breach supposedly aligns with Joker’s Stash’s tactic of adding records stolen from large merchants in publicly disclosed major breaches only after the breach is announced. Based on Gemini’s analysis, the initial set of bases linked to “BIGBADABOOM-III” consisted of nearly 100,000 records. These records seem to correlate with Wawa locations in Florida and Virginia; Gemini claims that analysts have identified compromised locations in all six states in which Wawa operates.

As for the datasets itself, it includes everything you need since the CC information contains full Track1 and Track2 dumps (TR1+TR2), which is enough to write a blank card with legit information.

Winner: Darknet

While it seems that indeed the release is related to the Wawa breach, darknet consumers couldn’t care less from where the datasets actually came from as long as they work. While there may be some doubts remaining that all this credit card information is from Wawa customers, experts agree that this was yet another win for Joker’s Stash and darknet users – as long as companies are not able to protect their customers credit card information, these releases will continue to happen to the delight of darknet users looking for such datasets.