IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Cyber criminals leak one million credit cards on the dark web

Among the stolen hoard are customer details from US and Canadian banks

Hand holding an assortment of credit cards

Hackers have given away the details of over a million stolen credit cards in a bid to promote a new cyber criminal carding marketplace on the dark web.

The cards were stolen between 2018 and 2019 and have appeared on a stolen card market called AllWord.Cards.

According to researchers at Cyble, the hackers unleashed these details to promote their cyber crime marketplace and over 20% of the credit cards are still valid.  The marketplace has been around since May 2021 and is available on a Tor channel too.

The leaked details contain credit card numbers, expiry dates, CVV numbers, names, addresses, zip codes, email addresses, and phone details.

The leak affects up to 500 banks, including JP Morgan and Toronto-Dominion Bank (TD Bank). Around 83,433 of the cards were from the US.

The leak has also been analyzed by Italian cyber security company D3 Lab. It found that over 50% of the cards were still valid.

“At present, the feedback returned to our analysis team is still limited, but they are showing an incidence close to 50% of cards still operational, not yet identified as compromised,” researchers said.

“The cards marketed on carding sites usually have different origins: skimmers at petrol stations or in supermarket Point of Sale, cards from phishing, from databases of compromised sites, etc.”

Related Resource

2021 IBM Security X-Force Insider Threat Report

Top discovery methods and recommendations for insider attacks

White background with a black border on side - whitepaper from IBMFree download

D3 Lab researchers said the All World Cards curators began advertising their services on carding sites in early June.

“It is conceivable that the data was shared for free to entice other criminal actors to frequent their website by purchasing additional stolen data from unsuspecting victims,” said researchers.

Javvad Malik, security awareness advocate at KnowBe4, told ITPro that as these were stolen some years ago, it can be difficult to determine where they came from and if they were from a single source or multiple sources. 

“It goes to show that even if a breach isn't apparent or noticed, criminals can take advantage of lax security controls many years after the fact. So all organizations should remain vigilant at all times,” he said.

“The good news is that banking has tried and tested controls in place to deal with stolen credit cards and fraudulent transactions. Consumers should always check their bank statements carefully and ensure that there are no unknown transactions and contact their bank as soon as possible if there is any suspicious activity to get the card blocked and a new one issued."

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
Best free malware removal tools 2022
Security

Best free malware removal tools 2022

22 Jun 2022
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

16 Jun 2022
What is shoulder surfing?
social engineering

What is shoulder surfing?

10 Jun 2022

Most Popular

Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
FCC commissioner urges Apple and Google to remove TikTok from app stores
data protection

FCC commissioner urges Apple and Google to remove TikTok from app stores

29 Jun 2022