According to global threat intelligence provider Cyble, the leaked database contains information that includes card numbers, expiry dates, CVV numbers and emails of consumers around the globe. "The subject release of the credit and debit cards data by BidenCash shop is one of the largest leaks of its kind on any of the cybercrime/underground forums in recent times," the company said.
The top countries with the most affected consumers are the United States, with over 675,000 card details leaked, followed by India, Brazil, and the United Kingdom.
Statistical analysis by Cyble has found that American Express was the most impacted bank. Visa was the most affected card type, followed by Mastercard and American Express.
Analysts from the Italian cyber agency D3lab said the card information mainly came from web skimmers, where malicious code is injected into an online payment page such as malware forced into online shops, individual malware attacks or even from breaches of companies that store credit card information.
The BidenCash shop was established in the dark web in April and used promotional strategies such as the mass release of payment card data for free, which made it one of the most popular underground shops.
In promoting the shop, BidenCash announced that they were offering a free giveaway of 1,221,661 credit cards and even promoted the leak to other sites. This effectively helped them replace previous payment card shops that were either retired or cracked down by law enforcement in 2021.
In a detailed report, BidenCash was said to have gained prominence in June when it leaked several thousand credit card details for free online. (Related: Internet of Bodies: Implantable microchips could put all your information in one place and make you 'hackable.')
If the credit cards from the latest release are still active, it would point to the site – showing just how prolific credit card theft has become. It isn't the first massive credit card leak of its kind, with credit card shop All World Cards releasing over a million card details back in 2011.
Other information were also hacked to facilitate digital transactions, including the card owner's name, bank name, social security number, email, phone number and address, according to multiple reports and leaked screenshots.
Details of these credit cards were freely available online, so it is likely that the card issuers have already been informed about the leak. Still, it remains unclear how many people could have had their credit cards used at the time the data was released.
Reports have shown that around 30 percent of the affected cards were still active.
Australians, who were also affected by BidenCash, were still reeling from their largest cybersecurity breach from a few weeks back. That one resulted in 2.1 million identification documents being exposed.
The leak saw 10,000 Australians having 100 points of identification leaked online, including their passport and driver's license numbers.
Federal police moved to protect the most vulnerable victims of the attack, with Prime Minister Anthony Albanese conforming that Optus agreed to cover the costs for passport replacements.
A new police task force was also established following the breach to protect impacted customers and safeguard citizens from cybercrime. (Related: Fraud-proof your bank accounts with these anti-identity theft hacks.)
The Office of the Australian Information Commissioner launched an investigation into the handling practices of personal information by the telco giant, adding that other organizations should review their own personal information handling practices and data breach response plans if they haven't done so already. This is to ensure that information is held securely and that in the event of a data breach, they can rapidly notify individuals so that those affected can take steps to limit the risk of access to their personal information.
Visit PrivacyWatch.news for more stories about information leaks online.
Watch the video below to see how fast credit card skimming can happen.
This video is from Gary's List channel on Brighteon.com.