In one of the largest-ever and most-valuable breaches of financial data, credit and debit card details of nearly half a million Indians were found to be sold on dark web.
According to reports, the records of nearly half a million payment cards of Indian banks are being sold for $9 apiece on the Joker's Stash, one of the most popular underground cardshops, Singapore-based cybersecurity company Group-IB has said.
The company detected a database containing over 460,000 payment card records uploaded to one of the most popular darknet cardshops on February 5. Over 98 per cent of the records were from the biggest Indian banks, Group-IB said on Friday.
This is the second major upload of payment records related to Indian cardholders registered by Group-IB in the past several months. The first one was reported by the company last October. The underground market value of the database is estimated at more than $4.2 million. The source of this batch currently remains unknown, the company said, adding that it immediately informed the Indian Computer Emergency Response Team (CERT-In) about the sale of the payment records.
The database exposed card numbers, expiration dates, CVV/CVC codes and some additional information such as cardholders' full name, as well as their emails, phone numbers and addresses, security researchers from Group-IB found.
Indian cybersecurity officials have alerted the Reserve Bank of India (RBI) and all Indian banks that such data was being sold on the dark web, a senior official in a department handling cybersecurity told Hindustan Times. “Once RBI and banks inform us of the nature of the data being sold, investigations on how the information was accessed can be more targeted and specific,” a second senior official, also in a cybersecurity department, told Hindustan Times.
Earlier, on October 28, 2019, the Group-IB Threat Intelligence team detected a huge database holding more than 1.3 million credit and debit card records of mostly Indian banks' customers uploaded to Joker's Stash. Group-IB experts determined that the underground market value of the database was estimated at more than $130 million.