It has been revealed that a database of 1.2 million cards is in the hands of attackers, who are advertising it to willing buyers. The information was seen on a Russian-speaking forum and was first detected by CloudSEK’s AI digital risk platform.
This follows a previous incident in which 7.9 million cardholder records were advertised on the BidenCash website. This time, however, the leak is said to be more damaging because the intruders have released sensitive Personally Identifiable Information (PII) such as SSN, card details, and CVV.
Some of the banks that have been affected include State Bank of India, Fiserv Solutions LLC, and American Express.
Reportedly, approximately 508,000 debit cards were breached, with 414,000 records belonging to the Visa payment network, followed by Mastercard.
The majority of personal emails associated with the card details were exposed.
Other official email records, associated with SoftBank, Bank of Singapore, and World Bank, were found to be exposed from the previous data breach by BidenCash.
The motivation behind these data leaks was to drive more traffic to the threat actors' website and establish a reputation.
The BidenCash forum became active in early February 2022.
After that, the threat actor(s) resorted to various ways of gaining traffic to their website, such as spamming comments on websites.
The first website to emerge was bidencash[.]com in 2020, after which most of the series of domains were registered under different TLDs in 2022, the most recent being bidencash[.]group.
The leaked PII could enable threat actors to orchestrate social engineering schemes, phishing attacks, and even identity theft.
They might use exposed card details to carry out attacks such as card trafficking, card cloning, and unauthenticated transactions to facilitate illegal purchases.
Consumers can protect themselves against such data breaches by using virtual cards, which certain banks offer and which users can simply revoke, or single-use cards that are automatically erased after a single purchase.
Another option is to implement multi-factor authentication and monitor accounts for anomalies on a regular basis.