Bumper haul offered through Joker’s Stash

A massive stolen credit card database holding more than 1.3 million records has been offered for sale through a darknet marketplace.

The huge database of credit and debit card records of mostly Indian banking customers was uploaded to Joker’s Stash on October 28, according to threat intel firm Group-IB.

The black market value of the database is put at $130 million by its sellers. Every single dump in the set is valued at $100 – much higher than the average black market rate.

High-value fire sale

Group-IB’s threat intelligence team has analyzed all the card dumps from the database, more than 98 per cent of which belong to Indian banking customers.

More than 18% of the credentials in the database are related to a single Indian bank. One per cent of the stolen details have been traced to a Colombian financial organization.

According to Group-IB, this is one of the biggest single databases ever uploaded at once on an underground market, and probably one of the most expensive sales ever, to boot.

“It is true that big payment data leaks have happened before; however, the databases are usually uploaded in several smaller parts at different times,” said Ilya Sachkov, chief executive and founder of Group-IB.

“This is indeed the biggest card database encapsulated in a single file ever uploaded on underground markets at once.”

Sachkov added: “What is also interesting about this particular case is that the database that went on sale hadn’t been promoted prior either in the news, on card shop or even on forums on the darknet.

“The cards from this region are very rare on underground markets, in the past 12 months it is the only big sale of card dumps related to Indian banks.”


READ MORE Sberbank of Russia completes investigation into dark web data leak


Group-IB's threat intelligence has shared its analysis of the sale “with the proper authorities” as well as its customers.

The source of the compromised database remains unknown at the moment, a Group-IB spokesman told The Daily Swig. Each credit and debit card dump in this database is sold separately.

Asked whether the sale legit or could it be a potential scam by one gang of cybercrooks against others, Group-IB responded that this could only be determined through test purchases.

“Only banks can tell whether it is legit or not,” Group-IB spokesman Sergei Turner explained. “This should be a controlled test purchase operation by law enforcement authorized by banks.”

“Group-IB’s threat intelligence customers have already been notified about the sale of this database. The information was also shared with proper authorities,” he added.

Joker’s Stash has long been popular marketplace for cybercriminals to advertise and sell compromised credit cards.

More recently, the operators of site shifted their offerings to feature more sales of personally identifiable information outside of credit card data, including contact information and Social Security numbers.

A recent study by Recorded Future further reports that the miscreants running the marketplace while continuing to provide dedicated domains and servers for their buyers have moved its infrastructure off Tor, allowing the building blocks of the underground bazaar to be enumerated and tracked.

Domains and servers related to Joker’s Stash are spun up and used to meet surges in demand, the threat intel agency concluded.


INSIGHT Cast no shadow: History of darknet market takedowns is littered with OpSec fails