Carding Site BidenCash Gives way 1.2 million Bank Card Data for Free

BidenCash, a carding site, once again staged a loud “advertising campaign”: the administration released a huge dump containing information about 1,221,551 bank cards for free, allowing anyone to download this data.

As Bleeping Computer now reports, carders have begun a new, larger promotion, apparently designed to advertise new site URLs launched after the powerful DDoS attacks that BidenCash suffered last month.

Advertising on the open internet

In attempt to reach wider audience, scammers are promoting the new free map dump even on the open web and other hacker and carder forums. According to Cyble researchers, in total, the dump contains information about 1.2 million cards from around the world, with a validity period between 2023 and 2026. Most seem to belong to US users.

For most maps, the following data types are available:

1. Card number;
2. validity;
3. CVV number;
4. Owner’s name;
5. Name of the bank;
6. card type, status and class;
7. owner’s address (state and zip code);
8. E-mail address;
9. social Security number;
10. phone number.

Analysts believe that most of the card data was obtained from web skimmers that are malicious scripts that hackers inject into the checkout pages of online stores. Such scripts steal information about bank cards and other user data.

Since dumps of this size are usually fakes on the dark web (outright fakes or old dumps with recycled data that are repackaged under a new name), Bleeping Computer journalists carefully studied this “leak” together with analysts from the information security company D3Lab.

Unfortunately, the researchers confirmed that the data from several Italian banks is real, and the leaked records correspond to the real cards and their owners. However, most of the dump still turned out to be reworked and compiled from other leaks, for example, from the old dump of the All World Cards marketplace, which previously also distributed cards for free to everyone.