Data Of A Whopping 9 Million Card Holders Leaked On Dark Web BidenCash, Affected Banks Include SBI, American Express

A massive data leak involving financial data of credit card customers of large banks like the State Bank of India (SBI), American Express and Fiserv Solutions LLC has been discovered by security researchers. The financial data of a whopping nine million credit card holders were leaked, according to threat intel organisation Cyble.

According to Cyble, its research revealed that American Express (US) was the most affected company in the credit card data breach. The top 50 countries with affected consumers were the US, India, Brazil, the UK, Mexico, Turkey, Spain, Italy, Australia, and China.

The leaked database includes 1,221,551 credit and debit card records consisting of credit card number, expiry date, 3-digit card verification value or CVV number, card holder’s name, associated bank name, full address, date of birth, email, and phone number, impacting payment card consumers across the globe including US, Canada, India, Bangladesh, Saudi Arabia, UAE, Indonesia, Malaysia, and Singapore.

The database also includes the social security number information of payment card consumers in the US.

A report by IANS claimed that the threat intelligence team of CloudSEK has discovered a threat actor advertising a database of 1.2 million cards for free on a Russian-speaking dark web cybercrime forum followed by details of 7.9 million cardholder data advertised on the BidenCash website which is a carding site on the dark web.

Anybody can go to BidenCash, the carding site on the dark web and download the leaked credit card details for free and misuse the information.

"State Bank of India, Fiserv Solutions LLC, and American Express were some of the top banking institutions which were affected. There were approximately 508,000 debit cards breached with 414,000 records of Visa payment network followed by Mastercard," the security researchers said.

"Marketplaces like BidenCash emerge frequently where the threat actors trade-sensitive card data for carding and cloning services. While the modern day security mechanisms are able to minimise the impact, threat actors regularly check deploy new methods to bypass them," said Rishika Desai, Cyber Threat Researcher, CloudSEK.

The majority of personal emails associated with the card details were exposed. Other official email records were found to be exposed associated with SoftBank, Bank of Singapore, and World Bank from the previous data breach by BidenCash.

BidenCash forum became active in early February 2022. Post that the threat actor resorted to various ways to gain traffic to his website such as spamming comments on websites.

"On a personal level, trying to track your card transactions, being aware of malicious sites luring off a great deal can help prevent to a greater extent. With the BidenCash group trying to gain popularity through various measures, leaking card data motivates other groups to follow the same steps," Desai noted.