BidenCash-Credit-Card-Leaks-2-Million
Underground carding marketplace leaks over 2 million payment card records, enabling large-scale financial fraud.
On February 28, 2023, the operators of the notorious carding marketplace BidenCash released a dataset of 2,165,700 credit and debit cards to commemorate one year of operation.
This leak was advertised on an underground cybercrime forum, similar to cc leaks previously covered by CRIL (Cyble Research and Intelligence Labs) in October 2022 and June 2022.
Several other shops use famous personas for marketing their wares, such as Brian’s Club impersonating cybersecurity journalist Brian Krebs since 2015. Similarly, the strategy of leaking cards at scale to advertise the shops was previously utilized by All World Cards.
The data within the leak included Personally Identifiable Information such as names, emails, phone numbers, home addresses, and the main offering: payment card numbers, expiration dates, and CVV codes, with the expiration dates ranging from early 2023 up to 2052.
However, threat actors have been known to purchase expired payment cards to gain more information on potential victims.
This credit card leak contained at least 740,858 credit cards, 811,676 debit cards, and 293 charge cards. The inherent risk is higher for debit card holders than credit card holders, due to different fraud protection.
According to our analysis, the most records leaked by country are as follows:
| Records | Country |
| 965,846 | UNITED STATES |
| 97,665 | MEXICO |
| 97,003 | CHINA |
| 86,313 | UNITED KINGDOM |
| 36,906 | CANADA |
| 36,672 | INDIA |
| 23,009 | ITALY |
| 22,798 | SOUTH AFRICA |
| 21,361 | AUSTRALIA |
| 19,700 | BRAZIL |
The top ten most impacted banks were as follows:
| Records | Bank |
| 118,826 | CHASE BANK USA, N.A. |
| 98,631 | BANK OF AMERICA, N.A. |
| 62,650 | WELLS FARGO BANK, N.A. |
| 50,832 | CAPITAL ONE BANK (USA), NATIONAL ASSOCIATION |
| 47,851 | CITIBANK N.A. |
| 35,249 | BANK OF AMERICA, NATIONAL ASSOCIATION |
| 28,296 | BBVA BANCOMER, S.A. |
| 27,192 | CAPITAL ONE BANK (USA), N.A. |
| 1,696,173 | Others |
The presence of email addresses and full information (commonly referred to as “Fullz” by cybercriminals) will make the victims of this cc leak vulnerable to other attacks, such as phishing, identity theft, and scams, long past the expiration of their credit card details.
Threat Actors routinely utilize stolen credit cards for fraud by purchasing them from carding marketplaces, as we have seen in the examples of BidenCash. However, the availability of these cards for free will enable bad actors to commit more fraudulent activities. Banking institutions should monitor the dark web for these cc leaks and fraudulent activities to prevent fraud proactively.
See Cyble Vision in ActionCyble analyzes an AI-driven phishing campaign that abuses browser permissions to capture victims images and…
Dark web intelligence helps organizations detect stolen credentials, leaked data, and cyber threats early, enabling…
ACSC, NCSC, and CERT Tonga warn of growing INC Ransom activity targeting healthcare and organizations…
Cyble has identified a new Linux threat named ClipXDaemon that targets cryptocurrency users by intercepting…
Middle East faces unprecedented hybrid warfare as Iran, US, and Israel clash through cyberattacks, missile…
ENISA’s Cybersecurity Exercise Methodology helps organizations align with NIS2 and the EU Cybersecurity Act while…
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.