Cyber criminals leak one million credit cards on the dark web (2024)

Cyber criminals leak one million credit cards on the dark web (1)

Hackers have given away the details of over a million stolen credit cards in a bid to promote a new cyber criminal carding marketplace on the dark web.

The cards were stolen between 2018 and 2019 and have appeared on a stolen card market called AllWord.Cards.

Attackers steal credit card details in Vision Direct data breach Hundreds of counterfeit shoe sites hit by Magecart credit card scam Newegg users’ credit card info breached in month-long data hack Whole Foods is hacked, exposing credit card details

According to researchers at Cyble, the hackers unleashed these details to promote their cyber crime marketplace and over 20% of the credit cards are still valid. The marketplace has been around since May 2021 and is available on a Tor channel too.

The leaked details contain credit card numbers, expiry dates, CVV numbers, names, addresses, zip codes, email addresses, and phone details.

The leak affects up to 500 banks, including JP Morgan and Toronto-Dominion Bank (TD Bank). Around 83,433 of the cards were from the US.

The leak has also been analyzed by Italian cyber security company D3 Lab. It found that over 50% of the cards were still valid.

“At present, the feedback returned to our analysis team is still limited, but they are showing an incidence close to 50% of cards still operational, not yet identified as compromised,” researchers said.

Get the ITPro. daily newsletter

Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.

“The cards marketed on carding sites usually have different origins: skimmers at petrol stations or in supermarket Point of Sale, cards from phishing, from databases of compromised sites, etc.”


Cyber criminals leak one million credit cards on the dark web (2)

2021 IBM Security X-Force Insider Threat Report

Top discovery methods and recommendations for insider attacks


D3 Lab researchers said the All World Cards curators began advertising their services on carding sites in early June.

“It is conceivable that the data was shared for free to entice other criminal actors to frequent their website by purchasing additional stolen data from unsuspecting victims,” said researchers.

Javvad Malik, security awareness advocate at KnowBe4, told ITPro that as these were stolen some years ago, it can be difficult to determine where they came from and if they were from a single source or multiple sources.

“It goes to show that even if a breach isn't apparent or noticed, criminals can take advantage of lax security controls many years after the fact. So all organizations should remain vigilant at all times,” he said.

“The good news is that banking has tried and tested controls in place to deal with stolen credit cards and fraudulent transactions. Consumers should always check their bank statements carefully and ensure that there are no unknown transactions and contact their bank as soon as possible if there is any suspicious activity to get the card blocked and a new one issued."

Cyber criminals leak one million credit cards on the dark web (3)

Rene Millman

Rene Millman is afreelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud.He also worksas a contributing analyst at GigaOm and has previously worked asan analyst for Gartner covering the infrastructuremarket. He has made numeroustelevision appearances to give his views and expertise on technology trends andcompanies that affect and shape our lives. You can follow Rene Millman onTwitter.

More about hacking

Hacking is not a crime, criminal activity isWhy the Space Force wants white hats to attack a satellite


Why 'shadow SaaS' is becoming a major blind spot for enterprise security teams
See more latest►

Most Popular
“A treasure trove for adversaries”: 10 billion stolen passwords have been shared online in the biggest data leak of all time
Microsoft agrees to pay $14 million to settle alleged breach of California workplace regulations
New UK government should embrace open source, says industry non-profit
‘Continuous reinvention’: Why tech leaders are caught in a never-ending digital transformation
Hackers stole OpenAI product secrets in 2023 data breach – reports
Hundreds of Cobalt Strike servers have been taken offline in a major law enforcement sting
Cloudflare is fighting back against AI web scrapers
Botnets are being sold on the dark web for as little as $99
Excel for the web just got a big makeover – and it’s a lot easier to use
Want cheaper cyber insurance? Security leaders say improving resilience has helped them save on coverage
NinjaOne unveils new channel program to drive partner growth
Cyber criminals leak one million credit cards on the dark web (2024)


Top Articles
Latest Posts
Article information

Author: Eusebia Nader

Last Updated:

Views: 5763

Rating: 5 / 5 (60 voted)

Reviews: 91% of readers found this page helpful

Author information

Name: Eusebia Nader

Birthday: 1994-11-11

Address: Apt. 721 977 Ebert Meadows, Jereville, GA 73618-6603

Phone: +2316203969400

Job: International Farming Consultant

Hobby: Reading, Photography, Shooting, Singing, Magic, Kayaking, Mushroom hunting

Introduction: My name is Eusebia Nader, I am a encouraging, brainy, lively, nice, famous, healthy, clever person who loves writing and wants to share my knowledge and understanding with you.