BidenCash darkweb market gives 1.9 million credit cards for free

The BidenCash stolen credit card marketplace is giving away 1.9 million credit cards for free via its store to promote itself among cybercriminals.

BidenCash launched in early 2022 as a new marketplace on both the dark web and the clearnet, selling credit and debit cards that were stolen through phishing or skimmers on e-commerce sites.

The shop offers stolen card data from around the world for as low as $0.15 per item and uses verification and automated checks to check the validity of the cards people put up for sale on the platform.

Over time, the platform gained popularity among cybercriminals, boosted by occasional free dumps that helped raise its notoriety and draw new members.

This latest pack is the fourth credit card dump the carding market has released for free since October 2022, with the previous leaks counting 1.22 million, 2 million, and 230,000 cards. This brings the total to over 5 million cards leaked for free.

It should be noted, however, that analysis of the previous data dumps showed that the data packs contained some duplicates as well as invalidated or expired cards, so a significant percentage of the free packs weren't actually usable.

This time, the leaked data contains card numbers, expiration dates, and three-digit security codes (CVVs). The expiration for most cards reviewed by BleepingComputer ranges from 2025 to 2029, but we also spotted a few expired entries from 2023.

Card numbers, verification codes, and expiration dates can be used for making online purchases and moving goods through money-mule networks, so holders of valid cards leaked in this set are at direct risk of having their accounts emptied.

In addition to the risk for payment card holders, the leaked set could also be used in scams or other attacks targeting bank employees.

However, the validity of the data hasn't been confirmed yet, so it could very well be auto-generated fake entries that don't correspond to real cards.

Given the platform's history of providing genuine data in previous releases, it seems improbable that the shop would risk tarnishing its reputation with a fake pack. However, it's noteworthy that this recent release lacks the comprehensive data quality that previously set BidenCash apart.

Judging from the activity on the shop, BidenCash appears to be thriving in 2023, providing an active data and money exchange platform in a market that has experienced a decline in recent years.

To minimize the risk of payment data exposure, only shop from reputable retailers, use digital payment methods or one-time private cards, and protect your accounts with two-factor authentication.

H/T Andrea Draghetti