A well-known illegal website where people can buy stolen credit cards has decided to celebrate its first birthday by publishing, free of charge, a database with more than two million credit and debit card details.
Since the leak was announced upfront, the media speculated that the goal was to get as much publicity and free advertising space as possible – so we won’t be naming the site.
Researchers who dug into the leaked data set calculated that there were at least 740,858 credit cards, 811,676 credit cards, and 293 credit cards – and though many appeared to be duplicates, one company – D3 Labs – believed there were 2,141,564 unique entries.
Leaking sensitive info
In addition to card numbers, the dataset also leaked people’s names, emails, phone numbers, home addresses, and the details required to use the cards – expiration dates and CVV codes. Some cards, the researchers found, are valid until 2052. The database contains nearly half a million unique email addresses from 28,000 unique email domains, which in itself is an invaluable resource for cybercriminals.
“The existence of an email address and full details (commonly referred to as “Fullz” by cybercriminals) will make the victim of this leak vulnerable to other attacks, such as phishing, identity theft (opens in new tab)and fraud, well past the expiration of their card details,” researchers from Cyble.
This is not the first time this website has taken a publicity stunt like this. Late last year, the same site leaked more than 1.2 million credit cards, also free. At the time, it said the leak was in the promotion of a new URL that was forced to be registered after someone DDoSed its old domain and rendered it useless.
Another website did the same in August 2021, releasing details of over a million credit cards, for free, on a number of hacking forums.
Via: Bleeping Computer (opens in new tab)