May 25, 2024
Bidencash Market Leaks Over 2 Million Stolen Credit Cards For Free

Bidencash Market Leaks Over 2 Million Stolen Credit Cards For Free

A card marketplace known as BidenCash leaked a free database of 2,165,700 debit and credit cards online to celebrate its first birthday.

Rather than keeping it a secret, the threat actors announced this massive leak on an underground cybercrime forum to gain wider reach and gain as much attention as possible.

According to the Cyble researchers who first saw it, the leaked information is extensive, detailing “at least 740,858 credit cards, 811,676 debit cards, and 293 debit cards.”

Of these, there were tens of thousands of duplicates, but there are still 2,141,564 unique copies, according to D3Lab’s head of threat intelligence, Andrea Draghetti.

The dataset contains personally identifiable information such as names, emails, phone numbers, home addresses, and payment card details, including card expiration dates and CVV codes, with card expiration dates going back to 2052.

Draghetti told BleepingComputer that the huge database also contains about 497,000 unique email addresses, totaling more than 28,000 unique email domains, which could prove invaluable as ammunition in future targeted phishing scams and other fraudulent campaigns.

“We are thrilled to have reached our first anniversary as an online store and we couldn’t have done it without your support! Thank you for choosing our store and for trusting us to provide you with quality products and excellent service,” said BidenCash. read ad.

“We are proud to have you as a customer and look forward to serving you for many years to come. Your loyalty and trust motivate us to continue improving and expanding our business.”

While researchers cannot tell BleepingComputer how much information leaked online by BidenCash for free is valid, the risk of it being used by fraudsters and cybercriminals cannot be underestimated.

“The presence of full email addresses and information (commonly referred to as “Fullz” by cyber criminals) makes victims of this vulnerability vulnerable to other attacks such as phishing, identity theft, and scams long after the card details have expired,” Cyble said.


Most records leaked by country (Cyble)

Carding has been operating since February 28, 2022, and reached fifth place in total volume in a ranking compiled by threat intelligence company Flashpoint.

This isn’t the first time BidenCash has used free credit card leaks for promotion either, as such “marketing” tactics have always been a part of the card market world.

In October, the card store released another free dump of 1,221,551 credit cards, and just like this week, the bad guys spread it via a clearnet domain and various other hacking and card forums.

About 30% of a random sample of leaked credit cards analyzed by D3Lab at the time were “fresh” (usable for financial fraud).

Another card marketplace, All World Cards, similarly promoted itself in August 2021 when it leaked 1,000,000 credit cards for free on various hacker forums.