Data of 400,000 Bank Cards from South Korea and the US Sold on the Darknet

Group-IB specialists have discovered a database containing information on 397,365 credit and debit cards issued by banks and financial institutions in South Korea and the United States for sale on the carding site Joker’s Stash. The dump, uploaded to the network on April 9, 2020, was valued by the seller at $1,985,835, which is about $5 per record. The seller claims that the database contains data for approximately 30-40% of active cards.

Researchers note that this is the largest sale of South Korean cards in 2020: 49.9% of the records (198,233) in the database belong to users of banks from that country. Card data from South Korean banks is a rare commodity on the darknet; the last major dump from this country appeared for sale more than eight months ago.

The discovered dump mainly contains data from the second track, meaning the information stored on the card’s magnetic stripe. This includes the bank identification number (BIN), account number, expiration date, and sometimes the CVV. Second track data is used for transactions where the user must physically present the card. Theft usually occurs through a compromised POS terminal, an ATM skimmer, or by breaching a merchant’s payment system.

In this case, the source of the compromise remains unknown. Group-IB has already informed the relevant authorities in South Korea and the US so they can take necessary steps to protect affected companies and users.

“Although the published information is not enough to make online purchases, fraudsters who buy this data can still monetize it,” says Shawn Tay, Senior Threat Intelligence Analyst at Group-IB. “One method is to create a cloned card (so-called ‘white plastic’), which criminals can use to withdraw cash from ATMs or use the cloned cards to buy goods in stores.”