Group-IB specialists found a database containing 397,365 credit and debit cards issued by banks and financial institutions in South Korea and the USA on the Joker's Stash carding resource.
The dump, uploaded to the network on April 9, 2020, was estimated by the seller at 1,985,835 US dollars, that is, about $ 5 per record. At the same time, the seller claims that the database contains data about 30-40% of valid cards.
Researchers write that this is the largest sale of South Korean cards in 2020: 49.9% of the records (198,233) in the database belong to users of banks in this particular country. The fact is that data on the cards of banks in South Korea is a very rare product in the dark. So, the last major dump from this country appeared on sale more than 8 months ago.
The detected dump mainly contains data about the second track, that is, information stored on the magnetic stripe of the card, which includes the bank identification number (BIN), account number, expiration date, and may also include CVV. The data of the second track is used to carry out transactions for which the user needs to physically present the card. That is, theft usually occurs with the help of an infected POS terminal, a skimmer at an ATM, or through a compromise of a seller’s payment system.
In this case, the source of compromise remains unknown. Group-IB has already informed the relevant authorities in South Korea and the United States so that they can take the necessary steps to protect affected companies and users.
“Although published information is not enough to make purchases on the Internet, fraudsters who buy this data can still monetize them,” said Shawn Tay, senior Threat Intelligence analyst at Group-IB. “One way is to issue a clone card (the so-called“ white plastic ”), with which criminals can withdraw money through ATMs or use cloned cards to buy goods in a store.”