Major Data Breach Exposes Card Details of Half a Million Indians

A major data breach of physical cards has exposed CVV numbers, users’ names and addresses, all of which are on sale.

Debit card breaches have become a concern for the RBI.

A cybersecurity company revealed on Friday that a database of over 460,000 payment card records was posted on one of the most popular darknet card shops on 5 February.

The worrying part of the report, shared by Singapore-based firm Group-IB, is that over 98 percent of the records detected belonged to some of the biggest Indian banks. The report also estimates the market value of this database on the dark web at more than $4.2 million. The source of this batch currently remains unknown.

This is the second major incident involving the data of Indian debit or credit card users to be reported in less than six months. Interestingly, both incidents involve the same darknet card shop, Joker’s Stash.

Sharing the details of the breach with The Quint, Group-IB pointed out that “upon the discovery of this database, Group-IB immediately informed the Indian Computer Emergency Response Team (CERT-In) about the sale of the payment records, so they could take necessary steps.”

So what kind of data has been revealed?

The Group-IB report confirmed the database had 4,61,976 payment records. The breach exposed card numbers, expiration dates and CVV/CVC codes, as well as cardholders’ full names, emails, phone numbers and addresses.

The report shares more concerning details about the breach, including the price at which the data is being sold and whether any of the cards have been sold yet. “All the cards from the database are being sold for $9 (Rs 630 approx) for a piece, with the total underground market value of all the batch standing at $4,157,784. As of morning on 6 February, 16 cards were sold out.”

“This is the second major leak of cards relating to Indian banks detected by Group-IB Threat Intelligence team in the past several months.” 
Dmitry Shestakov, Head - Cybercrime Research Unit, Group-IB 

Group-IB has also confirmed that the new data includes physical cards that come without the magnetic stripe, which was recognised as the source of the breach last year. “What distinguishes the new database from its predecessor is the fact that the cards were likely compromised online, this assumption is supported by the set of data offered for sale.”
