Researchers from Group-IB monitor the Dark Web and have recently reported the appearance of nearly half a million credit card records available for sale.
Each record is valued at more than half a million dollars. The records were rolled out in staggered fashion, with the first file containing some 30,000 records.
They included credit card numbers, CVV codes, expiration dates, email addresses, owner’s names, addresses and phone numbers.
Much of the information contained in the database can’t be found on the card’s magnetic stripe. That’s a clear indication that the cards being offered for sale were not gathered from infected point of sale terminals or ATMs but rather, collected via online attacks.
Although there’s no definitive proof, MageCart seems to be the most likely source of the card records in this collection. That is because there have been a number of high profile, successful MageCart attacks in recent months.
Just a month after the initial database of 30,000 records was offered for sale, two additional databases appeared in the same corner of the Dark Web. One of them contained 190,000 records, and another containing some 205,000 offered by the same hacker.
Initially, the card records were being sold at $3 each. When the two larger databases appeared, the seller lowered the price to $1 per record. In all three cases, the hacker offering the cards assured purchasers that 85 to 90 percent of the records were valid and came with full information.
Most of the records in all three databases were collected in Turkey and based on Group-IB’s analysis of the data. The researchers were able to confirm that most of the card numbers could be traced back to the top 10 Turkish banks.
In light of this, if you’re living or doing business in Turkey, or have a payment card issued by one of the big Turkish banks, it pays to take steps to protect yourself.