Even hackers are following in the footsteps of big advertising to promote their stolen personal financial information. Over the weekend, the stolen credit card marketplace BidenCash announced a free giveaway of 1,221,551 credit cards, promoting the leak on a number of other websites.
The first hit is free, as the local dealers say, but in this case, a leak could have meant free money for any user who managed to snag a card. Researchers are still investigating the leak, but early reports indicate that many of the cards may have already been reported to card issuers.
According to a Saturday report from Bleeping Computer, BidenCash first appeared on the scene in June of this year when they leaked thousands of credit card details online for free. If the number of credit cards from this latest release is still active, it would indicate how quickly the site grew, as well as how prevalent online credit card theft has become.
This is also not the first major credit card leak of its kind. Another hacker credit card shop, All World Cards, released over 1 million card details online last year.
The 1.2 million credit card details also include the associated personal information that any hacker would need to facilitate digital transactions, such as the person’s name.
Credit cards could be obtained from a variety of sources, including malware forced into online stores, individual user malware attacks, or breaches of companies that store credit card information.
According to D3Lab, the majority of this card information comes from web skimmers, also known as magecart attacks, in which hackers inject malware code into a website, allowing them to extract data from standard HTML forms people use to fill out personal or credit card details.
According to Cyble’s cyber security researchers, the majority of the 1.2 million cards were from users in the United States. The majority of those cards, 53% to be exact, were issued by American Express.
Gizmodo contacted the bank to inquire whether those cards had been cancelled and if any had been used for fraudulent transactions since the card numbers were released, but we did not receive a response right away. Other card issuers included Wells Fargo Bank, U.S. Bank, and Bank of America.
Because the credit card information was widely available online, it’s likely that the card issuers were already aware of the leak, though it’s unclear how many people had their credit cards used during that time according to Bleeping Computer
According to Cyble, BidenCash entered the scene as a small player in 2021, but after other major illicit shops retired or were shut down by cyber cops, BidenCash entered the scene and used its large marketing push to establish itself as a dominant force in the world of ill-gotten credit cards.
And what does the “Biden” in the hackers’ web address mean? Nothing, in fact. Previous credit card dump sites have included Joker Stash, Ferum Stash, and “Trump Dump.” Companies, including major banks, have a history of failing to prevent major breaches that steal credit card information from users.