Carding Site BidenCash Gives way 1.2 million Bank Card Data for Free
BidenCash, a carding site, once again staged a loud “advertising campaign”: the administration released a huge dump containing information about 1,221,551 bank cards for free, allowing anyone to download this data.Let me remind you that the BidenCash website was launched in the spring of 2022 and almost immediately was promoted in a similar way: BidenCash operators decided to distribute a CSV file containing names, addresses, phone numbers, email addresses and bank card numbers to everyone for free, and thus advertise their platform. Then the experts reported that data about 6600 bank cards can be found in the dump, and about 1300 of them are new and valid cards.
As Bleeping Computer now reports, carders have begun a new, larger promotion, apparently designed to advertise new site URLs launched after the powerful DDoS attacks that BidenCash suffered last month.
Advertising on the open internet
In attempt to reach wider audience, scammers are promoting the new free map dump even on the open web and other hacker and carder forums. According to Cyble researchers, in total, the dump contains information about 1.2 million cards from around the world, with a validity period between 2023 and 2026. Most seem to belong to US users.
For most maps, the following data types are available:
- Card number;
- CVV number;
- Owner’s name;
- Name of the bank;
- card type, status and class;
- owner’s address (state and zip code);
- E-mail address;
- social Security number;
- phone number.
Analysts believe that most of the card data was obtained from web skimmers that are malicious scripts that hackers inject into the checkout pages of online stores. Such scripts steal information about bank cards and other user data.
Since dumps of this size are usually fakes on the dark web (outright fakes or old dumps with recycled data that are repackaged under a new name), Bleeping Computer journalists carefully studied this “leak” together with analysts from the information security company D3Lab.
Unfortunately, the researchers confirmed that the data from several Italian banks is real, and the leaked records correspond to the real cards and their owners. However, most of the dump still turned out to be reworked and compiled from other leaks, for example, from the old dump of the All World Cards marketplace, which previously also distributed cards for free to everyone.