Hackers Sold $38 Million Worth Gift Cards from Multiple Brands!

Russian hackers sold around 900,000 gift cards on an underground forum, with a total value of $38 million. The database of sold cards is associated with multiple brands and may be connected to an earlier data breach at a gift card shop named Cardpool.

How Did the Hackers Get the Cards?

The seller did not know how the attackers obtained the cache, but claimed that it holds around 895,000 gift cards linked to 3,010 companies, including Amazon, Airbnb, American Airlines, Dunkin Donuts, Marriott, Nike, Subway, Walmart, and Target.

According to the experts, this is common practice when selling data in bulk on these unknown hacker forums. The seller started the auction at $10,000 with a buy-now price of $20,000, and the sale did not take long.

Multiple law enforcement agencies said that gift cards are offered by attackers at 10% of their original value, and that the price in this case is far lower, about 0.05%. The actual value of this leak has not been calculated, which indicates that the roughly $38 million the seller claims is an overstatement meant to catch attention and find a reasonable buyer. However, these gift cards are valid only for a short period, and most of them are inactive or have a low balance.

How Is This Connected with the Cardpool Breach?

Once the gift card sale was finished, the same attacker sold the incomplete data of around 330,000 debit cards through an auction that started at $5,000 and closed at $15,000. The sold data covers billing addresses, card numbers, expiration dates, and bank names. However, it did not include the cardholder name or the CVV, which is required for card-not-present (CNP) transactions and other online transactions.

The specialists also said that these user details leaked from the data breach of Cardpool.com, which took place between February and August 2019. The attack on stores accepting card payments and the gift card attack were both carried out by the same attacker.

According to the Payment Card Industry Data Security Standard (PCI DSS), online stores and others are not allowed to store the CVV code and other cardholder information in their systems. The hacker responsible for these attacks has been active on the hacker forum since 2010 and also offers countless records of stolen payment card data and personally identifiable information of United States residents.
