Credit, debit card details of 4 lakh Indians up for sale- THE HINDU- 08/02/2020 - MAINS
Revelations by the Singapore-based cybersecurity company, Group-IB.
A total of 4,61,976 card payment details has been put up for sale on Joker’s Stash, one of the most secretive portals on the darknet for buying such information.
98% of this sensitive credit and debit card details are of Indian customers.
Phishing is a fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in an electronic communication.
Malware is any software, intentionally designed to cause damage to a computer, server, client, or computer network. A type of these malware includes spyware which is a software that aims to gather information about a person or organization, without their knowledge and sends such information to another entity without the consumer’s consent.
Previously, the type of information leak included information contained in the card’s magnetic stripe often referred to as card dumps, which generally used to be stolen through the compromise of offline POS terminals.
The new leaked details are comprehensive in nature and include card numbers, expiration dates, CVV/CVC codes and, in this case, some additional information such as cardholders’ full names, their emails, phone numbers and addresses. This is referred to as fullz.
The recent revelation is the second major leak of cards relating to Indian banks detected by Group-IB Threat Intelligence team in the past several months.
In October 2019, Group-IB Threat Intelligence team had detected the first such database of over 1.3 million credit and debit card records, mostly of Indian customers.
Short term measures:
With the Indian Computer Emergency Response Team (CERT-In) having been alerted about the stolen data being offered for sale on the darknet, there is the need for necessary steps to prevent misuse of the data.
The administration is likely to issue an advisory in this regard.
Long term measures:
With increasing digitization and the growing frequency, sophistication, and threat of cybersecurity, there is a need for some long term measures.
This should include deterrent legislation, user training, better public awareness, and technical security measures that frequently exploit weaknesses in current web security.