ESET, a leading proactive threat detection team, has leaked a free database containing information on more than 2 million credit and debit cards.
The dark site BidenCash, dedicated to the sale of stolen credit and debit cards, has turned one year old and celebrated by publishing a free database with 2,165,700 credit and debit cards.
What data is given, in addition to the card number, the expiration date (which in some cases reaches 2052) and the security code, other complementary personal information, such as name, email address, telephone number and address.
From Cyble’s blog, which marked the publication of this information, the announcement of BidenCash aims to promote the service.
One of the forums where the leak was reported was free acceptance of credit and debit cards.
Credit information from different countries and credit cards. Although the United States appears to be the most affected with 965 thousand registrations, Mexico appears in second place with 97,663 and China in third place with 97,003.
Andreas Draghetti, from D3labIT, informed BleepingComputer that although after the analysis of the database it was noticed that there were many duplicates of the data, more than two million unique ones. Likewise, the database also includes 497,000 unique email addresses that may send phishing emails or other types of fraud to carry out identity theft.
On the other hand, even though the researchers cannot confirm the validity of the data, this does not mean that they can release the banks or customers. In addition to credit and debit card information, other personal information can also be used for phishing attacks and other frauds, so there is a risk.
BidenCash is a site that has been active since February 28, 2022 and has already used data leaks on other occasions to promote its military activities. In October, he did the same with a database in which he has more than 1.2 million credits.
“Data leaks are more and more common, and although there are laws such as the GDPR, the General Data Protection Regulation, it is important that we as users know how to care for and protect our personal data. For example, do not enter them in areas we do not consider safe, as well as updated systems saved and having a security solution installed on the machines. Finally, knowing the latest threats will help us avoid incidents due to scams”, says Camilo Gutiérrez Amaya, Head of ESET Research Laboratory for Latin America.