Posts: 8,790 +110
What just happened? There are plenty of illicit websites trading in stolen financial data, including one called BidenCash, which uses the president's name and his image. To celebrate its first birthday, the site has published a database filled with over 2 million credit and debit card details so anyone can look them up free of charge.
BidenCash appears to be leaking the database as a way to drum up attention. Cyble researchers who first detected the leak write that it contains 2,165,700 credit and debit card details: 740,858 credit cards, 811,676 debit cards, and 293 charge cards.
In addition to the payment card numbers, the data includes names, around 497,000 email addresses from 28,000 unique email domains, phone numbers, home addresses, expiration dates (ranging from early 2023 to 2052), and CVV codes. It's unclear how the site operators stole so many sensitive details.
The vast majority of these records – almost one million – come from the US, while Mexico, China, and the United Kingdom all have just under 100,000. The top three most impacted banks were Chase, Bank of America, and Wells Fargo.
"The presence of email addresses and full information (commonly referred to as 'Fullz' by cybercriminals) will make the victims of this leak vulnerable to other attacks, such as phishing, identity theft, and scams, long past the expiration of their card details," wrote Cyble researchers.
According to D3Lab's Head of Threat Intelligence, Andrea Draghetti, the data contained tens of thousands of duplicates, but 2,141,564 entries are unique.
This isn't the first time BidenCash has leaked financial card data to gain publicity. It posted 1,221,551 credit card detail back in October to promote an URL it was using after the old one had been hit with a DDoS attack.
Similar illicit sites perform the same trick. BleepingComputer writes that All World Cards leaked 1,000,000 credit card details for free on various hacking forums back in August 2021.
If you're worried about your card details being part of the leak, make sure to check your statements for unusual activity. It might also be prudent to sign up for potential-fraud alerts if your bank offers them.