Gift Cards Worth Rs 285 Crore, 3.3 Lakh Credit Cards Sold on Dark Web for Over Rs 26 Lakh

123


A data breach of an online gift card portal has reportedly led to the sale of its database, containing 3.3 lakh credit and debit card entries, as well as gift cards worth over Rs 285 crore. According to cyber security firm Gemini Advisory, a threat actor was spotted auctioning the data on a noted Russian Dark Web hacker forum in February 2021. The database, which has now reportedly been sold, included merchandise via gift cards worth an estimated $38 million, or close to Rs 300 crore. The range of gift cards that were siphoned off through this database reportedly includes frontline brands such as Amazon, AirBnB, Marriott, Nike and Walmart, among others.

The said hacker reportedly marketed the stolen gift cards for an auction price of $10,000, with a direct purchase price of $20,000 (approx. Rs 15 lakh). The purchase of this breached database is reported to have been closed quite early, with a second threat actor buying out the database. Subsequently, Gemini Advisory also notes that a second database containing 3.3 lakh stolen credit and debit cards were also sold off at a direct purchase price of $15,000 (approx. Rs 11 lakh), hence signing off on breached databases. This Dark Web transaction marks an incident where the hackers used a direct breach to pool together a database and use the data for direct financial benefits.

Gift card hacks and breaches are a common but interesting way through which hackers make money. In this case, for instance, the threat actors who eventually bought the database can sell or auction the same gift cards on various gift card trading platforms on the open web, for further commercial gains. The stolen credit and debit cards also play a major part here, using which hackers can buy further gift cards to cash in on the opportunity. The main gaffe here is that banks only act on blocking stolen credit or debit cards based on suspicious activities or user complaints.

However, given how slow and cumbersome the process is, hackers would have already purchased gift cards and traded them away for higher value transactions, by the time this comes to anyone’s notice. As Gemini’s report on the matter reads, “For most cyber criminals, the trick is not in acquiring stolen cards but in devising the most efficient way to cash out the funds on the cards before financial institutions can flag them as compromised.”

Gemini states that both the databases were reportedly sourced from once-popular gift card auctioning platform CardPool, which has since pulled down its shutters citing struggles of the Covid-19 pandemic. The platform was once popular among American users.

Read all the Latest News and Breaking News here



Source link