Singapore-based cybersecurity company Group-IB has found a data dump of more than 1.3 million credit and debit cards, mostly India records, on a dark web site called Joker’s Stash.

More than 98% of the card records belong to Indian banks, while nearly 1% come from Colombian banks.

Group-IB said over 18% of the dumps in the database are associated to a single Indian bank.

Every single dump in the set is valued at $100, valuing the entire database at over $130m.

The dump holds Track 1 and Track 2 records, which Group-IB said can be used to produce cloned cards for further cashing out.

Group-IB CEO and founder Ilya Sachkov said this is indeed the biggest card database encapsulated in a single file ever uploaded on underground markets at once.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Sachkov said: “The cards from this region are very rare on underground markets, in the past 12 months it is the only big sale of card dumps related to Indian banks. Group-IB’s Threat Intelligence customers have already been notified about the sale of this database. The information was also shared with proper authorities.”

Earlier this year, the Singapore firm uncovered Android Trojan, dubbed Gustuff, capable of targeting global banking apps, cryptocurrency and marketplace applications.

Gustuff is expected to potentially target users of over 100 banking apps, including 27 in the US, 16 in Poland, 10 in Australia, 9 in Germany, and 8 in India and users of 32 cryptocurrency apps.