Details of more than 455,000 Turkish payment cards are currently up for sale on Joker’s Stash, the internet’s largest carding shop.
The data was published online in four batches between October 28 and November 27, and it is considered the largest sale of Turkey-based payment card details in recent years.
According to the security researchers at Group-IB who track the underground market for stolen credit cards, cards from Turkey are not normally seen on carding shops. This is the only big sale of payment cards related to Turkish banks in the past 12 months.
The four batches (30K + 30K + 190K + 205K) are estimated to cost more than $500,000 when sold.
The researchers stated that the card dump included both debit and credit cards, and the cards originated from a broad spectrum of Turkish banks.
It is evident from the wide variety of card types and issuing banks that the data came from a source that handles payments and not from just a single bank’s hacked system.
Dmitry Shestakov, Head of Group-IB’s cybercrime research unit, said that the compromised credit and debit cards were identified as raw card data, also known as ‘CCs’ or ‘fullz’. The records contained information such as expiration date, CVV/CVC and cardholder name, along with some additional info like email, name and phone number.
Since emails and phone numbers are also included, this indicates that the information was not obtained from skimming devices installed on ATMs or PoS devices.
Shestakov believes the data could have come from only one of three sources:
- From users who were tricked into entering card details into phishing pages
- Through malware that collected this data from browsers, or
The third option is the most likely. Magecart attacks (JS skimmers) have become widely popular, but Shestakov stated that they cannot be sure whether JS-sniffers were involved. At present the source of this compromise is not known.
This is the second major card dump Group-IB has found this year. They have notified the relevant Turkish local authorities to take appropriate measures.