This week our Data Loss Recovery analysts discovered a significant source of compromised credit card data ranging back several years. Our team detected this card dump via the Xforce forum on 6th August 2021. Criminal chat and Telegram groups promoting this activity were within our monitoring scope. The Xforce forum and associated Telegram group provide access to the full card information, including the 16-digit credit card numbers and CVVs. After a thorough investigation, we found that some of the cards belong to a carding site called All Worlds, which is an auto carding site similar to Joker Stash. The full card details are available at no cost. The cybercriminals sniffed the hacked cards through Magecart combined with other methods. Ultimately, the cards end up in automated shops for profit rather than being cashed out directly by the criminals, as cashing out stolen cards carries high risks for the threat actors. We tracked down the source of some of the free cards and ended up in a Russian cybercriminal forum.
In the forum, we saw that the All Worlds carding shop has blatantly released one million old card records for free to promote their carding shop to the forum users.
The available card details include the Credit Card Number, Expiry Date, CVV, country, as well as personally identifiable information and contact details.
The data was from 2018 to 2019. The carding site mentioned that the working rate of the cards is approximately 26%. However, viewing the exposed cards isn’t a walk in the park, as the Russian forum site only shows them to members who have earned a rating of at least +5 through reactions (likes) to their posts. This is a security measure of the forum site itself against teachers. The forum is known to have strict measures to filter out possible law enforcement attempting to infiltrate their cybercrime nest. The forum admins themselves are responsible for that task.
After retrieval of the data comes the analysis part. iZOOlogic is currently in the process of retrieving the data. We are also monitoring other forum contents that may target individuals and corporations where an attack could be imminent. If you think you are affected by the data leak, check the recent transactions on your card statement to identify any unauthorized transactions. Identification and recovery of compromised data from the dark web is a keystone of any modern security strategy. We are now seeing messaging apps such as WhatsApp and Telegram as key vectors in how criminals operate. Clients affected by this data dump will be kept updated. Stay tuned.