If caught onto by cyber-criminals, the massive private data leak could fetch up to roughly $130 million, the media reported late Wednesday (30 October).
The “dark web”, also called the “darknet” refers to the wider portfolio of sensitive, illegal, or explicit content that does not surface as search results through regular browsing activities.
Under the heading -- “INDIA-MIX-NEW-01” -- the personal details of Indian card users is up for purchase on a dark web destination called “Joker’s Stash” – that specialises in trading payment-card data for $100 (Rs. 7000 approx.) each.
Cyber-thieves who buy illegal cards from “Joker’s Stash” typically use the stolen data to clone legitimate cards and withdraw money from ATMs.
Citing researchers from European cyber security firm Group-IBA, the report said that the card details may have been obtained via skimming devices, installed either on ATMs or point of sale (PoS) systems.
Since 2014, the data of companies including Target, Walmart, and British Airways have been breached through stolen cards purchased on significant darknet marketplaces. Earlier in February, the card details of 2.15 million Americans were dumped on “Joker’s Stash”.
On August 22, the darknet store released the first batch of stolen credit card data dumps from an alleged point-of-sale (POS) breach at the US-based gas and convenience store chain Hy-Vee.
As present, it is estimated that “Joker's Stash” has listed 5.3 million credit card numbers related to this breach.
