Illustration photo of a Mastercard logo on a credit card
Reuters

KEY POINTS

  • BidenCash released information on 2,165,700 valid payment cards Tuesday
  • The leak was part of the dark web marketplace's first anniversary promotion
  • Authorities have started to investigate the breach

A dark web marketplace publicly leaked the information of more than 2 million valid payment cards earlier this week, according to reports.

BidenCash released Tuesday a 260-megabyte dataset containing the details of around 2,165,700 cards to commemorate its first-year anniversary, according to digital threat intelligence provider Cyble.

Despite claiming that the leak was part of its "birthday anniversary promotion," BidenCash did not start in February or March of last year.

"Weren't you launched in June last year and not in March?" a user on an unnamed Russian forum noted, according to a report by Hackread.

BidenCash's leak contained information on 740,858 credit cards, 811,676 debit cards and 293 charge cards from countries such as Canada, China, India, Mexico, the United Kingdom and the United States.

The information ranged from card numbers, card verification value (CVV) numbers and expiration dates to full names of cardholders, bank details, home addresses and more than 500,000 email addresses.

The BidenCash dataset was also leaked to a popular Russian language hacker forum.

Authorities are reportedly investigating the incident.

Affected cardholders have been advised to monitor their accounts and report any suspicious activities to their banks.

This is not the first time BidenCash has leaked data of payment cards. The site also offered a dataset containing the information of around 1.2 million credit and debit cards last year.

In a similar story, telecommunications provider T-Mobile admitted that a hacker was able to gain access to the personal data of 37 million of its customers since November last year.

The "bad actor" was able to steal the "name, billing address, email, phone number, date of birth, T-Mobile account number [and] information such as the number of lines on the account and plan features" of their customers, according to the mobile telecommunication giant.

T-Mobile informed federal agencies of the breach and was collaborating with law enforcement to look into it.

In another story from late last year, customers of video games retailer GameStop reported having their data leaked.

People were allegedly shown the names, orders, addresses and possibly even the credit card information of other GameStop customers.

The company's customer care team responded to the apparent security breach by claiming that the data customers discovered were part of a test and "not actual customer data."

On the so-called dark web, providers of ransomware services and support pitch their products openly
AFP