A notorious illegal website where people can buy stolen credit cards has decided to to celebrate its first birthday by publishing, for free, a database with more than two million credit and debit card details.
As the leak was being announced upfront, the media speculate the goal is to get as much publicity and free advertising space as possible - so we won’t name the site.
Researchers who have dug into the leaked data set calculated that there are at least 740,858 credit cards, 811,676 credit cards, and 293 charge cards - and although many seem to be duplicates, one company - D3 Labs - believes there are 2,141,564 unique entries.
Leaking sensitive info
Besides the card number, the data set also leaks people’s names, emails, phone numbers, home addresses, and the details needed to use the card - expiration date and CVV code. Some cards, the researchers found, are valid until 2052. The database contains almost half a million unique email addresses from 28,000 unique email domains, which in itself is an immensely valuable resource for cybercriminals.
"The presence of email addresses and full information (commonly referred to as "Fullz" by cybercriminals) will make the victims of this leak vulnerable to other attacks, such as phishing, identity theft, and scams, long past the expiration of their card details," researchers from Cyble.
This is not the first time this website has gone for a publicity stunt such as this one. Late last year, the same site leaked more than 1.2 million credit cards, also for free. Back then, it said the leak was in promotion of a new URL it was forced to register after someone DDoS’ed its old domain and rendered it useless.
Another website did the same thing in August 2021, releasing the details on more than a million credit cards, for free, on a number of hacking forums.
- These are the best firewalls right now
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.