Group-IB experts report that a huge database containing more than 1.3 million credit and debit card records, most of them belonging to customers of Indian banks, was recently uploaded to the well-known Joker’s Stash carding resource.
This is not only one of the largest databases ever uploaded to the black market, but perhaps also one of the most expensive. Each card in the set is estimated at $100, which puts the total cost of the database at approximately $130 million.
The dump was published under the name “INDIA-MIX-NEW-01” and has been on sale since October 28, 2019. The database contains copies of the magnetic stripes of credit and debit cards, namely Track 2, although the full name of the dump states that it contains both Track 1 and Track 2 entries (see illustration below). The researchers note that Track 2 dumps can be used to produce cloned cards for subsequent cash withdrawal.
According to the company, more than 98% of the records in the database belong to Indian banks, and another 1% to Colombian banks. More than 18% of the data in the database is associated with one unnamed Indian bank.
Apparently, the data for most of the cards was stolen either with skimmers installed in ATMs or through malware for PoS terminals. Interestingly, the presence of Track 1 and Track 2 in the database indicates that web skimmers like Magecart are not related to this dump.
“It’s true that big data breaches happened earlier; however, databases are usually loaded in several smaller parts and at different times. This is truly the largest card database encapsulated in a single file ever downloaded to clandestine markets right away. What is interesting in this particular case is that the database, which went on sale, had not previously been advertised in the news, or in the card store, or even on forums on the dark network. Cards from this region are very rare in clandestine markets; over the past 12 months, this is the only big sale of card dumps associated with Indian banks. Group-IB Threat Intelligence customers have already been notified of the sale of this database. The information was also shared with the relevant authorities,” says Ilya Sachkov, head and founder of Group-IB.