Press "Enter" to skip to content

Over 300,000 Credit Card Details Leaked Online


India-based cybersecurity startup Technisanct has uncovered a series of breached data involving debit and credit card details from top banks in 6 major South East Asian countries a couple of weeks ago.

M

ore than 300,000 payment card details comprising of expiry dates, PIN and CVV were found for sale in various dark-web forums. Based on the published 1,136 Bank Identification Number (BIN), these cards were issued by major banks in Thailand, Singapore, Malaysia, Indonesia, Vietnam and The Philippines.

The major credit card details leaked online on those forums was found during a research run conducted by the threat analyst team of Technisanct to analyse threats to the financial sector in South East Asian countries.

Advertisement

Technisanct reported that of the 6 countries, the Philippines was the worst hit, with 172,828 cards breached. This was followed by Malaysia and Indonesia with 37,145 and 35,354 cards breached respectively. Details for the other countries are as tabulated below.

Country Affected BINs Breached Cards
The Philippines 173 172,828
Malaysia 255 37,145
Indonesia 237 35,354
Singapore 185 25,290
Vietnam 95 23,144
Thailand 191 16,908

“The results are alarming as it seems no one is aware that such huge volume of payment card details is available in public. Any threat actor can get those card details and cause financial loss to the owners of the payment cards.”

Technisanct

As a follow-up measure, Technisanct have informed the Computer Emergency Response Team (CERT) of the respective countries of this situation via email on 18th February 2020 and provided them with the details. The 1,136 BIN were assessed and the details for 310,669 payment cards such as card number, name of card holder, expiry date, CVV and in some cases PIN were found to have been breached.

Some of the information of banks by the country provided on Technisanct’s press release are as shown below.

malaysia credit card details on dark web

singapore credit card details exposed

indonesia payment card details exposed

thailand payment card details exposed

vietnam payment card details compromised

philippines credit card details leaked online

The data was dumped by major players like Fresh Stuff, Joker Stash and other regular actors who trade these kinds of data regularly. Sites like Fresh Stuff even provided daily updates with new dumps. The threat team at Technisanct had only assessed a few random sample data set from the dark-web sites and the above could just be a tip of the iceberg. It was unclear if more are to be uncovered.

dark web update on private data
Details of the latest updates of credit card details posted on the dark-web sites.
dark web update on private data
A post on the dark web about the next update on 25th January 2020.

The data was sold at a price based on their individual bank balance – the higher the bank balance, the higher the price of the card.

Researchers believe that the data may have been collected using the usual phishing methods through malware attack on individuals, fraudulent apps, or Point-of-Sale (POS) credit card terminals.

credit cards leaked online
It is suspected that some of the credit card details could have been hijacked when used at a POS machine.

The use of credit cards should be considered outdated and unsafe in this era of cyberthreats. With online shopping being more prevalent today than it ever was, having to submit your personal data (PIN, CVV etc) over the internet to the servers for processing for any online activity just seems to be an unnecessary risk. It is for this reason that cryptocurrencies like bitcoin and litecoin offer a far safer way of paying for goods and services – both online and offline – as no private information is exposed in the transactions.

Advertisement

SEE ALSO:






Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Modest Pie