Serviceteam IT Security News

A cybercriminal has sold almost 900,000 gift cards and over 300,000 payment cards on a top-tier cybercrime forum on the dark web. The total value of the cards was claimed to be some US$38 million. The hacker probably gained access to the data by compromising the backend infrastructure of a gift card marketplace.

According to a report by fraud intelligence firm Gemini Advisory, the stolen cards originated from a 2019 breach of an online discount gift card marketplace that has since gone offline. “As the payment cards were stolen from a gift card store and both the payment cards and gift cards were sold by the same actor, Gemini assesses with moderate confidence that the gift cards offered for sale were also stolen during the breach of Cardpool.com,” the company said. Since they’re easy to redeem and tough to track, gift cards are an increasingly popular target for fraud.

One of the company’s analysts observed offers to sell the cards in bulk on the Russian-language forum in February 2021. While the actor behind the sale didn’t reveal how they obtained the cards or what their origins were, they did disclose that the loot contained more than 3,000 brand-name gift cards from as many companies, including Airbnb, Amazon, Nike, Marriott, Walmart, and others. The threat actors set up an auction with the bidding starting at US$10,000 and a buy now price of double the initial bidding price. The database was sold within a few moments of being posted.

RELATED READING: Tips for buying and sending gift cards

Gemini Advisory pointed out that the gift cards sold for an unusually low amount: “Typically, compromised gift cards sell for 10% of the card value in the dark web; however, the 895,000 cards offered from the breach were priced at roughly 0.05% of the card value.” Although that may be chalked up to the hacker overstating the total value, it is more likely that the price accounts for the fact that a sizeable number of the cards wouldn’t work or have a low balance.

A mere day after selling the gift cards, the same cybercriminal offered to sell 330,000 payment and debit cards on the same online hacking forum. According to the posting, the information included the victims’ billing address and partial payment card data such as the card number, its expiration date, and the issuing bank’s name. However, the Card Verification Value (CVV) and the cardholder’s name were not included.

RELATED READING: How much is your personal data worth on the dark web?

The initial bidding price was set for US$5,000 but the cards could be purchased outright for triple the amount. Although this database sold slower than the gift cards, it was still purchased by another party within a few days.

While unnamed, the hacker behind the breach is a known entity that has been active since 2010 and has been observed to offer payment card data, compromised databases, and the personally identifiable data of US residents.

Source: HERE

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *