The trade with stolen credit and debit card details is proliferating. A brand-new research indicates that more than 460,000 payment (both debit and credit) card records were offered for sale on the popular underground forum Joker’s Stash. The information was being offered separately in 4 databases, sold in two rounds, on October 28 and November 27.
Stolen Payment Card Information Is from Turkey, Sold on Joker’s Stash
At first, the seller mentioned two databases, each containing data for 30,000 cards. The price for each card was $3. The announcement also claimed that 85-90% of the cards were valid and came with their card verification value (CVV) numbers. These numbers are very important as they are needed for transactions such as online shopping.
The first two databases carried the names Turkey-Mix-01 and Turkey-Mix-02, and it seems like they originated from the country of Turkey. According to researchers from cybersecurity firm Group-IB, the cards were issues from the top 10 Turkish banks.
There are two other parts of the database which were called “TURKEY-MIX-03-SPECIAL-PRICE-1USD (FRESH SNIFFED CVV) 190.000 cards TURKEY MIX, HIGH VALID 85-90%, uploaded 2019-11-27 (time for refunds: 15 minutes)” and “TURKEY-MIX-04-SPECIAL-PRICE-1USD (FRESH SNIFFED CVV) 205.000 cards TURKEY MIX, HIGH VALID 85-90%”, uploaded 2019-11-27 (time for refunds: 15 minutes). These were uploaded on 27.11.2019.
“TURKEY-MIX-03” contained about 190,000 records, whereas “TURKEY-MIX-04” contained approximately 205,000 cards. The cards were offered at the price of 1$ each.
This payment card information offered for sale on Joker’s Stash hasn’t appeared on any underground forums prior to these events. Furthermore, card date from Turkey is rarely available, as this is the only big sale of Turkish cards from Turkish banks.
According to Dmitry Shestakov from Group-IB cybercrime research unit, “all the compromised credit and debit cards records in this database were identified as raw cards data also known as “CCs” or “fullz” and contained the following information: card number, expiration date, CVV/CVC, cardholder name as well as some additional info such as email, name and phone number, which, unlike card dumps (the information contained in the magnetic stripe), cannot be obtained through the compromise of offline POS terminals.”
The researchers immediately alerted the Turkish authorities. The source of the payment card details remains unknown.