One Million Stolen Credit Cards Hit The Dark Web

Uploaded on 2021-08-13 in GOVERNMENT-Law Enforcement, FREE TO VIEW

A Russian cyber criminal group called AllWorld.Cards has released 1 million stolen credit cards on the Dark Web and now hundreds of thousands of active credit card payment credentials are freely available to criminals. 

The incident is aimed at promoting AllWorld.Cards, a new cyber criminals’ Dark Website for selling payment credentials online  to test the resources for free before eventually paying for the new service. Researchers at threat intelligence firm first  Cyble noticed the leak during routine monitoring of Dark Web marketplace.

Cyble released a post detailing their findings. The cards were all stolen between 2018 and 2019, according to the advertisements.  The leaked cards include information such as credit card numbers, expiration dates, CVV, name, country, state, city, address, ZIP code, emails, and phone numbers. 

This leaves the victims susceptible not only to financial theft, but to identity fraud, phishing, and social engineering. 

AllWorld.Cards appears to be a relatively new player to the market for selling stolen credit-card data on the Dark Web, according to Cyble. “Our analysis suggests that this market has been around since May 2021 and is available on a Tor channel as well,” according to the post.

The black market for stolen credit cards is a massive illegal business, with cyber criminals getting their hands on card data in a number of ways. 

In the last six months of 2020 alone, threat actors offered more than 45 million compromised cards for sale in underground credit-card markets monitored by security firm Cybersixgill. These cards are then used by cyber criminals to make online purchases, including buying gift cards, that are hard to track back to them. There is some uncertainty about how many of the cards are actually still active and available for cyber criminals to use. Cyble researchers noted that threat actors claimed that 27 percent, according to a random sampling of 98 cards, are still active and can be used for illegal purchasing.

To protect yourself you need to contact one or other credit reporting firm to initiate a fraud alert, which in turn is legally obligated to share your notice with others - it is free.

CyberSixGill:      CNBC:     Oodaloop:    Threatpost:      BlackLake Security

You Might Also Read: 

2021 - Inside The Dark Web:

 

« Cyber Crime In 2025
Suspected Russian Spy Arrested »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Australian Information Security Association (AISA)

Australian Information Security Association (AISA)

AISA champions the development of a robust information security sector by building professional capacity and advancing the cyber security of the public, business and governments in Australia.

HackCon Norway

HackCon Norway

HackCon is for the people who are interested in technology, psychology, IT and security, and who wants to improve their knowledge within these areas.

ThreatQuotient

ThreatQuotient

ThreatQuotient delivers an open and extensible threat intelligence platform to provide defenders the context, customization and collaboration needed for increased security effectiveness.

MindPoint Group (MPG)

MindPoint Group (MPG)

MindPoint Group is a specialist Information Security Consulting firm.

TCDI

TCDI

TCDI specializes in computer forensics, eDiscovery and cybersecurity services.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

Modulo Security

Modulo Security

Modulo provides automated Governance, Risk, and Compliance (GRC) solutions.

SecuLution

SecuLution

SecuLution is an Antivirus product using Application Whitelisting which offers much more protection than Virus Scanners ever can.

Cycode

Cycode

Cycode is the industry’s first source code control, detection, and response platform.

Dutch Innovation Park

Dutch Innovation Park

Dutch Innovation Park in Zoetermeer is a breeding ground for applied IT solutions in the field of cyber security, e-health, smart mobility and big data.

BIG Cyber

BIG Cyber

BIG Cyber is a specialized Managed Security Service Provider (MSSP) dedicated to bringing military grade cyber security technology to the gaming industry.

IriusRisk

IriusRisk

IriusRisk is an open Threat Modeling platform that automates and supports creating threat models at design time.

Vanta

Vanta

Vanta helps companies scale security practices and automate compliance for the industry’s most sought after standards - SOC 2, ISO 27001, HIPAA, GDPR, and other security and privacy frameworks.

S2W

S2W

S2W is a data intelligence company specialized in cyber threat intelligence, brand/digital abuse, and blockchain.

BTQ Technologies

BTQ Technologies

BTQ is a global quantum technology company focused on securing mission critical networks.

CyRiSo

CyRiSo

CyRiSo is a cyber security consulting company with a focus on 'as-a-service' services for the most pressing challenges of cyber security.