BidenCash Marketplace Leaks 1 Million Stolen Credit Card Details on Russian Forum

BidenCash Leaks Over 900,000 Stolen Credit Card Records on Russian Cybercrime Forum

BidenCash, a notorious marketplace operating on the dark web, has recently leaked a significant trove of 910,380 stolen credit card records on the Russian-language cybercrime forum, XSS. The data was disclosed on April 14 at 6:37 PM UTC and includes essential card information such as card numbers, CVV codes, and expiration dates. However, the leak notably lacks any personal identifiers or cardholder names. Although the information shared is limited, it still presents a heightened risk for online fraud, particularly in situations involving card-not-present transactions.

This leak is not an isolated incident; BidenCash has a well-documented history of releasing large swaths of stolen data. The platform has previously leveraged such releases as a way to gain attention and enhance its credibility within the cybercrime community. Last March, BidenCash released a staggering 2 million credit card details, which included not only card numbers but also the full names of cardholders, bank details, expiration dates, CVV numbers, and over 500,000 email addresses. In December 2023, the marketplace followed up with another extensive leak of 1.6 million records, once again offering sensitive card information stored in an unprotected format.

Accompanying the latest leak, BidenCash claimed that the data had been gathered over the past month from various forums and Telegram groups. They referred to their internal procedure for data verification as the “anti-public system,” which is designed to identify and eliminate already-circulated card information from their marketplace. The platform asserted that they are conducting an audit of sorts, removing listings of cards that are already in circulation and penalizing suppliers whose cards were found.

While no personal names are included in this dataset, the absence of identification does not minimize the potential danger. Cybercriminals are adept at combining such data with other compromised information to facilitate fraudulent activities. Utilizing automated scripting tools for transaction testing is a common tactic, and the lack of names might allow this data to evade some detection mechanisms that rely on identity verification. Additionally, the list may be filtered by Bank Identification Numbers (BINs), letting criminals target specific banks or geographical regions, broadening the attack surface.
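The automated transaction testing and BIN clustering described above leave a recognizable trace in a merchant's authorization log. The following detection sketch is an added example, not part of the original article; the event fields, thresholds and function name are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample of card-not-present authorization attempts:
# (epoch_seconds, source_ip, BIN, card_token, amount, approved)
SAMPLE_EVENTS = [
    (1000, "203.0.113.7", "411111", "tok_a1", 1.00, False),
    (1030, "203.0.113.7", "411111", "tok_a2", 1.00, False),
    (1065, "203.0.113.7", "411111", "tok_a3", 1.00, True),
    (1090, "203.0.113.7", "411111", "tok_a4", 1.00, False),
    (1140, "203.0.113.7", "411111", "tok_a5", 1.00, False),
    (1200, "203.0.113.7", "550000", "tok_a6", 1.00, False),
    (1010, "198.51.100.4", "550000", "tok_b1", 42.50, True),
    (4000, "198.51.100.4", "550000", "tok_b1", 18.99, True),
    (1500, "192.0.2.9", "411111", "tok_c1", 2.00, False),
    (1520, "192.0.2.9", "411111", "tok_c1", 2.00, True),
]

def detect_card_testing(events, window_s=600, min_cards=5,
                        max_amount=5.00, min_decline_ratio=0.5):
    """Flag sources trying many distinct cards with small amounts in a short window."""
    by_source = defaultdict(list)
    for ev in events:
        if ev[4] <= max_amount:          # only small-value attempts are considered
            by_source[ev[1]].append(ev)
    alerts = []
    for src, evs in by_source.items():
        evs.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(evs)):
            # Advance the left edge until the window spans at most window_s seconds.
            while evs[end][0] - evs[start][0] > window_s:
                start += 1
            win = evs[start:end + 1]
            cards = {e[3] for e in win}
            declines = sum(1 for e in win if not e[5])
            if len(cards) >= min_cards and declines / len(win) >= min_decline_ratio:
                # A dominant BIN suggests the list was filtered by issuer.
                top_bin, hits = Counter(e[2] for e in win).most_common(1)[0]
                alerts.append({"source": src, "distinct_cards": len(cards),
                               "decline_ratio": round(declines / len(win), 2),
                               "top_bin": top_bin,
                               "bin_share": round(hits / len(win), 2)})
                break                    # one alert per source is enough
    return alerts

if __name__ == "__main__":
    for alert in detect_card_testing(SAMPLE_EVENTS):
        print(alert)
```

The rule keys on distinct cards per source rather than on cardholder identity, so it still fires when the attempts carry no names.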

BidenCash has operated since early 2022, establishing itself as a key player in the underground market for stolen credit card information. Unlike many similar platforms that frequently emerge and disappear, BidenCash has remained operational by attempting to maintain control over its listings and claims to eliminate redundant or outdated data. The recent leak may also serve as a strategic move to reinforce their presence and signal their ongoing relevance in the cybercriminal ecosystem.

In the context of these events, business owners in the United States need to be vigilant. Although the data released lacks identifying details, it remains important to monitor for potential fraudulent activities utilizing exposed credit card information. Implementing measures such as setting up alerts for unusual transactions, closely reviewing bank statements, and utilizing virtual cards for online purchases can help mitigate risks. If suspicious activity is detected, it may be prudent to request a new card to prevent further complications.

Cybersecurity experts point to various techniques that may have been employed in this breach and that map to the MITRE ATT&CK framework, such as data scraping from forums (an example of initial access) and potential persistence within infiltrated networks. Overall, this development underscores the continuous threats posed by cybercriminal organizations and the pressing need for robust cybersecurity measures among businesses.
