Dark web market BidenCash leaks info on two million payment cards


BidenCash, a dark web carding market, has leaked two million valid cards, many of them issued in the US – as a birthday anniversary promotion.

While legitimate companies mark birthdays by offering discounts, cybercriminals give away stolen goods: BidenCash announced it was handing out credit-card data.

The leaked information includes cardholders’ full names, card numbers, bank details, expiration dates, and card verification value (CVV) numbers. The dataset also has home and email addresses linked to the stolen cards.

ADVERTISEMENT

Threat actors often use stolen cards to mask illicit activities, and marketplaces like BidenCash operate as an integral part of the cybercrime economy. Threat actors often obtain card data using information-stealing malware or infecting point-of-sale (PoS) devices.

BidenCash
BidenCash announcing the leak. Image by Cybernews.

According to the Cybernews research team, the leaked dataset contains card information from all over the globe. However, the team noted that cards issued in the US dominate the dataset. Other countries with significant presence are China, Mexico, India, Canada, and the UK.

BidenCash first launched in June 2022, which begs the question why it’s celebrating its anniversary in March. In any case, Its operators have spearheaded similar promotion campaigns in the past: last October, BidenCash’s operators offered users a dataset containing over 1.2 million stolen cards.

Carding is an unauthorized use of stolen credit card information. It might include buying prepaid gift cards to cover the tracks of criminals, exploiting personal data, or money laundering.

The carding market encompasses two segments: selling card data in text format (card number, expiration date, cardholder’s name, address, and CVV) and card dumps (information taken from the card’s magnetic stripe).

ADVERTISEMENT