Cyber Attacks

455,000 Turkish card details put up for sale


Details of more than 455,000 Turkish payment cards are currently put up for sale on Joker’s Stash which is the internet’s largest carding shop.

The data was published online in four batches between October 28 and November 27 and it is considered as the largest sale of Turkey-based payment card details in recent years.

According to the security researchers at Group-IB who tracked the underground market for stolen credit cards, the cards from Turkey are normally not seen on carding shops. In the past 12 months this is the only big sale of payment cards related to Turkish banks.

The four batches (30K + 30K + 190K + 205K) are estimated to cost more than $500,000, when sold.

The researchers stated that the card dump included both debit and credit cards, and the cards originated from a broad spectrum of Turkish banks.

It is evident from the wide variety of card types and issuing banks that the data came from a source that handles payments and not from just a single bank’s hacked system.

Dmitry Shestakov, Head of Group-IB’s сybercrime research unit said that the compromised credit and debit cards were identified as raw cards data also known as ‘CCs’ or ‘fullz’. It contained information such as expiration date, CVV/CVC, cardholder name and also some additional info like email, name and phone number.

Since emails and phone numbers are also included, it indicates that that this information was not obtained from skimming devices installed on ATMs or PoS devices.

Shestakov believes the data might have come only from either of the three sources:

  • From the users who were tricked into entering card details into phishing pages
  • Through malware that collected this data from browsers, or
  • JavaScript-based skimmers that stole the data while the user was entering it on a hacked online store.

The most possibility is for the third option. Nowadays Magecart attacks (JS skimmers) have become widely popular, but Shestakov stated that they can be sure if JS-sniffers were involved or not. At present the source of this compromise is not known.

This is the second major card dump Group-IB has found this year. They have notified the relevant Turkish local authorities to take appropriate measures.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    New Linux Vulnerability lets attackers Hijack Encrypted VPN Connections

    Previous article

    New PlunderVolt Attack affects Intel CPUs

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *