Cyber criminals leak one million credit cards on the dark web
Among the stolen hoard are customer details from US and Canadian banks


Hackers have given away the details of over a million stolen credit cards in a bid to promote a new cyber criminal carding marketplace on the dark web.
The cards were stolen between 2018 and 2019 and have appeared on a stolen card market called AllWord.Cards.
According to researchers at Cyble, the hackers unleashed these details to promote their cyber crime marketplace and over 20% of the credit cards are still valid. The marketplace has been around since May 2021 and is available on a Tor channel too.
The leaked details contain credit card numbers, expiry dates, CVV numbers, names, addresses, zip codes, email addresses, and phone details.
The leak affects up to 500 banks, including JP Morgan and Toronto-Dominion Bank (TD Bank). Around 83,433 of the cards were from the US.
The leak has also been analyzed by Italian cyber security company D3 Lab. It found that over 50% of the cards were still valid.
“At present, the feedback returned to our analysis team is still limited, but they are showing an incidence close to 50% of cards still operational, not yet identified as compromised,” researchers said.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
“The cards marketed on carding sites usually have different origins: skimmers at petrol stations or in supermarket Point of Sale, cards from phishing, from databases of compromised sites, etc.”
RELATED RESOURCE
2021 IBM Security X-Force Insider Threat Report
Top discovery methods and recommendations for insider attacks
D3 Lab researchers said the All World Cards curators began advertising their services on carding sites in early June.
“It is conceivable that the data was shared for free to entice other criminal actors to frequent their website by purchasing additional stolen data from unsuspecting victims,” said researchers.
Javvad Malik, security awareness advocate at KnowBe4, told ITPro that as these were stolen some years ago, it can be difficult to determine where they came from and if they were from a single source or multiple sources.
“It goes to show that even if a breach isn't apparent or noticed, criminals can take advantage of lax security controls many years after the fact. So all organizations should remain vigilant at all times,” he said.
“The good news is that banking has tried and tested controls in place to deal with stolen credit cards and fraudulent transactions. Consumers should always check their bank statements carefully and ensure that there are no unknown transactions and contact their bank as soon as possible if there is any suspicious activity to get the card blocked and a new one issued."
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
"I LOVE this company!" Looking back on 50 years of tech giant Microsoft
Opinion There have been highs, lows, laughs and lots of success in the past 5 decades for the Redmond-headquartered firm
By Maggie Holland Published
-
Verizon Call Filter API flaw could’ve exposed millions of Americans’ call records
News A security flaw in Verizon's Call Filter app could’ve allowed threat actors to access details of incoming calls for another user, a security researcher has found.
By Ross Kelly Published
-
FBI warns scammers are using cryptocurrency ATMs to siphon cash
News Criminals will stay on phone with victims as they make payments, says advisory
By Danny Bradbury Published
-
Hackers fake DocuSign and offer fraudulent signing methods
News Criminals impersonate the e-signing company to steal credentials
By Rene Millman Published
-
Account takeovers rise nearly threefold during pandemic
News Financial services hit hardest by account hijackers, says Sift report
By Danny Bradbury Published
-
SentiLink raises $70 million for its identity verification platform
News SentiLink’s ID Theft Score helps businesses combat synthetic fraud
By Praharsha Anand Published
-
Content fraud levels continue to rise in 2021
News The pandemic has ushered in a new level of scams and misinformation
By Danny Bradbury Published
-
What is DMARC and how can it improve your email security?
In-depth Protect your customers and brand rep with this email authentication protocol for domain spoofing
By Gabriella Buckner Published
-
FTC warns of rising cryptocurrency fraud
News Marked rise in cryptocurrency losses began just as pandemic took hold
By Danny Bradbury Published
-
E-commerce fraud to surpass $20 billion this year
News Research finds merchants need to do more to implement fraud prevention
By Rene Millman Published