February 28th marked the one year anniversary of infamous Dark Web credit card shop, BidenCash. To celebrate, the group released a free text dump earlier this week of 2.1 million compromised cards on Russian-speaking darknet board, XSS.
The leak, first reported by Cyble, contained personally identifiable information (PII) for each entry. These included the card number, expiration date, CVV, name, and address of the holder. As well, there were nearly half a million associated email addresses.
A visit to the page greets users with the following message:
“We are thrilled to have reached our first year anniversary as an online store, and we couldn’t have done it without your support! Thank you for choosing our store and for trusting us to provide you with quality products and excellent service.”
“We are proud to have you as a customer, and we look forward to continuing to serve you in the coming years. Your loyalty and trust are what motivate us to keep improving and growing our business.
“Once again, thank you for choosing our store. We appreciate your patronage and look forward to your continued support.
“Sincerely, yours Joe Biden“
Researchers at D3Lab assert that only about thirty percent of the published cards in BidenCash‘s last free card dump in October were immediately usable for fraudulent activity. Still, each entry puts consumers at risk, even if the cards are expired or cancelled.
Due to the recent nature of the incident, no information has been provided as to how the data was acquired.
Stolen credentials by country:
Stolen credentials by bank/servicer:
So far, no major crimes have been tied to any of the accounts indicated in the dump.
Consumers are advised to monitor their credit card statements closely and to report any suspicious activity to their financial institution immediately.