One Million Stolen Credit Cards Hit The Dark Web

Uploaded on 2021-08-13 in GOVERNMENT-Law Enforcement, FREE TO VIEW

A Russian cyber criminal group called AllWorld.Cards has released 1 million stolen credit cards on the Dark Web and now hundreds of thousands of active credit card payment credentials are freely available to criminals. 

The incident is aimed at promoting AllWorld.Cards, a new cyber criminals’ Dark Website for selling payment credentials online  to test the resources for free before eventually paying for the new service. Researchers at threat intelligence firm first  Cyble noticed the leak during routine monitoring of Dark Web marketplace.

Cyble released a post detailing their findings. The cards were all stolen between 2018 and 2019, according to the advertisements.  The leaked cards include information such as credit card numbers, expiration dates, CVV, name, country, state, city, address, ZIP code, emails, and phone numbers. 

This leaves the victims susceptible not only to financial theft, but to identity fraud, phishing, and social engineering. 

AllWorld.Cards appears to be a relatively new player to the market for selling stolen credit-card data on the Dark Web, according to Cyble. “Our analysis suggests that this market has been around since May 2021 and is available on a Tor channel as well,” according to the post.

The black market for stolen credit cards is a massive illegal business, with cyber criminals getting their hands on card data in a number of ways. 

In the last six months of 2020 alone, threat actors offered more than 45 million compromised cards for sale in underground credit-card markets monitored by security firm Cybersixgill. These cards are then used by cyber criminals to make online purchases, including buying gift cards, that are hard to track back to them. There is some uncertainty about how many of the cards are actually still active and available for cyber criminals to use. Cyble researchers noted that threat actors claimed that 27 percent, according to a random sampling of 98 cards, are still active and can be used for illegal purchasing.

To protect yourself you need to contact one or other credit reporting firm to initiate a fraud alert, which in turn is legally obligated to share your notice with others - it is free.

CyberSixGill:      CNBC:     Oodaloop:    Threatpost:      BlackLake Security

You Might Also Read: 

2021 - Inside The Dark Web:

 

« Cyber Crime In 2025
Suspected Russian Spy Arrested »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Juniper Networks

Juniper Networks

Juniper Networks is the industry leader in network innovation. We provide network infrastructure and network security solutions.

Janusnet

Janusnet

Janusnet develops software and solutions for organisations to enforce and manage data security.

Lloyd's

Lloyd's

As an insurance market, Lloyd’s can provide access to more than 65 expert cyber risk insurers in one place.

Paramount Computer Systems

Paramount Computer Systems

Paramount is a regional leader in the Middle East for cybersecurity solutions and consulting services.

Aviva

Aviva

Aviva provides Cyber Liability cover for small to mid-market customers to help combat the threat of data and privacy breach.

Thinkst Applied Research

Thinkst Applied Research

Thinkst is an Applied Research company with a deep focus on information security.

Bangladesh Association of Software & Information Services (BASIS)

Bangladesh Association of Software & Information Services (BASIS)

BASIS is the national trade body for Software & IT Enabled Service industry of Bangladesh.

SafeLogic

SafeLogic

SafeLogic provides strong encryption products for solutions in mobile, server, Cloud, appliance, wearable, and IoT environments that are pursuing compliance to strict regulatory requirements.

Sergeant Laboratories

Sergeant Laboratories

Sergeant Laboratories builds advanced technologies to prove compliance in complex IT security and regulatory compliance situations.

AppOmni

AppOmni

AppOmni is the only SaaS CSPM solution that gives teams all the tools they need to be successful – from security posture management to monitoring and detection to continuous compliance.

Hexaware Technologies

Hexaware Technologies

Hexaware is an automation-led next-generation service provider delivering excellence in IT, BPO and Consulting services.

StoneLock

StoneLock

StoneLock is a trusted leader in the design and manufacture of facial recognition software and technology.

Laminar

Laminar

Laminar provides the only Public Cloud Data Protection solution that provides full visibility and enforcement capabilities across your entire public cloud infrastructure.

Prescient Solutions

Prescient Solutions

Prescient Solutions is a managed services provider, using a cloud-based model to provide IT solutions to small, mid-sized, global organizations and government entities.

GetHacked.ca

GetHacked.ca

GetHackded.ca is a certified company offering penetration testing and specialized cybersecurity services.

Seraphic Security

Seraphic Security

Seraphic Security provides attack protection to enable safe browsing for employees or contractors, as well as advanced governance controls to enforce enterprise policies across devices.