Carding Site BidenCash Gives way 1.2 million Bank Card Data for Free

BidenCash, a carding site, once again staged a loud “advertising campaign”: the administration released a huge dump containing information about 1,221,551 bank cards for free, allowing anyone to download this data.

Let me remind you that the BidenCash website was launched in the spring of 2022 and almost immediately was promoted in a similar way: BidenCash operators decided to distribute a CSV file containing names, addresses, phone numbers, email addresses and bank card numbers to everyone for free, and thus advertise their platform. Then the experts reported that data about 6600 bank cards can be found in the dump, and about 1300 of them are new and valid cards.

As Bleeping Computer now reports, carders have begun a new, larger promotion, apparently designed to advertise new site URLs launched after the powerful DDoS attacks that BidenCash suffered last month.

Carding site BidenCash
Advertising on the open internet

In attempt to reach wider audience, scammers are promoting the new free map dump even on the open web and other hacker and carder forums. According to Cyble researchers, in total, the dump contains information about 1.2 million cards from around the world, with a validity period between 2023 and 2026. Most seem to belong to US users.

Carding site BidenCash

For most maps, the following data types are available:

  1. Card number;
  2. validity;
  3. CVV number;
  4. Owner’s name;
  5. Name of the bank;
  6. card type, status and class;
  7. owner’s address (state and zip code);
  8. E-mail address;
  9. social Security number;
  10. phone number.

Analysts believe that most of the card data was obtained from web skimmers that are malicious scripts that hackers inject into the checkout pages of online stores. Such scripts steal information about bank cards and other user data.

Since dumps of this size are usually fakes on the dark web (outright fakes or old dumps with recycled data that are repackaged under a new name), Bleeping Computer journalists carefully studied this “leak” together with analysts from the information security company D3Lab.

Unfortunately, the researchers confirmed that the data from several Italian banks is real, and the leaked records correspond to the real cards and their owners. However, most of the dump still turned out to be reworked and compiled from other leaks, for example, from the old dump of the All World Cards marketplace, which previously also distributed cards for free to everyone.

Judging by the sample studied by D3Labs experts, about 30% of the cards turned out to be “fresh”. If this result is extrapolated to the entire dump, about 350,000 cards distributed by the attackers may turn out to be valid. At the same time, the researchers say that approximately 50% of Italian cards may already be blocked, as issuing banks have detected fraudulent activity. This means that only about 10% of this leak may be of value to hackers.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button