A recently launched carding site called ‘BidenCash’ is trying to get notoriety by leaking credit card details along with information about their owners.
The platform was set up at the end of April but kept its offerings to lower level because its infrastructure was not ready to accommodate large-scale operations.
On Thursday, June 16, BidenCash admins decided to give away a CSV file containing names, addresses, telephone numbers, emails, and credit card numbers for free to promote their platform.
In total, the file has close to eight million lines but not all have credit card details. According to Italian cybersecurity company D3Lab, there are about 6,600 credit cards in the database.
Furthermore, there are about 1,300 credit cards that are new and valid, most of them being from VISA and belonging to U.S.-based individuals.
However, the set includes over three million unique email addresses that could be used for phishing and hijacking various accounts.
Leaking cards for promotion purposes is a common method to increase operations. Last summer, a similar site named ‘All World Cards’ did something similar, releasing one million cards stolen between 2018 and 2019.
The BidenCash store
Carding sites have been present for well over a decade and has always been a lucrative business since cybercriminals often use stolen cards to purchase legitimate services for their operations.
The data traded on these sites is stolen through various means, such as planting web skimmers on online shops to siphon payment details from customers.
Like other carding sites, BidenCash operators also provide a validity rating for new sales, the score being built after assessing a random batch of 20 cards in new sales. Every new listing is revisited for a new validity check every week, and if the rating differs significantly, it is retracted.
BidenCash also includes a filtering system, allowing threat actors to find stolen cards suitable for their campaigns by searching for specific countries, banks, or entries that have the details they need, like CVV, email, address, card type, or cardholder name.
In a test that BleepingComputer performed, cybercriminals can purchase credit cards for as little as $0.15.
Card holders should pay attention to charges made to their accounts and report any suspicious activity to their bank. Adding protections such as validating certain purchases or set up charging limits where possible, are good ways to prevent cybercriminals from using stolen cards.
Some banking services also offer virtual cards that users can revoke easily or single-use cards that are deleted automatically after making one purchase.
Finally, use MFA to protect your e-banking account and enable notifications/alerts for critical actions.