The credit/debit card details of over 1.2 million people worldwide have been leaked onto a dark web site called BidenCash.
Cyble, a global threat intelligence provider, found that the leaked database contains information including card numbers, expiry dates, CVV numbers, and emails of consumers across the globe, including the United States and Australia.
The top countries with the most affected consumers are the United States, with over 675,000 card details leaked, followed by India, Brazil, and the United Kingdom.
In Australia, over 12,600 cards have been compromised.
According to Cyble's statistical analysis, American Express (U.S.) was the most impacted bank.
Visa was the most affected card type, followed by Mastercard and American Express.
Analysts from Italian cyber agency D3lab believe the card information mainly comes from web skimmers, where malicious code is injected into an online payment page.
“We have observed many Threat Actors that drive fraudulent transactions and purchases using compromised payment cards. The impacted consumers may face an increased risk of financial fraud due to the leaked information,” Cyble said.
The BidenCash shop was established on the dark web in April 2022. Through the use of promotional strategies, such as mass releasing payment card data for free, it has become one of the most popular underground shops.
It was able to fill the void left by previous payment card shops that were either retired or cracked down on by law enforcement in 2021.
Australians Still Spooked From Largest Data Breach
It comes only weeks after Australians experienced the largest cybersecurity breach in the country’s history, which resulted in 2.1 million identification documents being exposed.
The Optus data leak saw 10,000 Australians have 100 points of identification leaked online, including passport and driver’s licence numbers.
Federal police have moved to protect the most vulnerable victims of the cyber attack, with Prime Minister Anthony Albanese confirming that Optus had agreed to cover the costs for replacement passports.
A new police task force was also established to protect impacted customers and safeguard Australians from cybercrime.
The Office of the Australian Information Commissioner (OAIC) also launched an investigation into the telco giant's personal information handling practices.
“If they have not done so already, I urge all organisations to review their personal information handling practices, and data breach response plans to ensure that information is held securely and that in the event of a data breach, they can rapidly notify individuals so those affected can take steps to limit the risk of harm from their personal information being accessed,” Australian Information and Privacy Commissioner Angelene Falk said.