Otto
Advanced
- Joined
- 22.09.20
- Messages
- 104
- Reaction score
- 423
- Points
- 63
Gift certificates belong to Airbnb, Amazon, American Airlines, Chipotle, Marriott, Nike, Subway, Target, Walmart, etc.
At one of the largest cybercrime forums, 895 thousand gift certificates worth a total of $38 million were put up for sale. The database contains certificates from several thousand brands, most likely obtained as a result of a long-standing leak from the now-defunct Cardpool gift card store.
The seller did not specify the origin of the stolen certificates, but it is known that they belong to 3010 companies, including Airbnb, Amazon, American Airlines, Chipotle, Dunkin Donuts, Marriott, Nike, Subway, Target and Walmart. As is often the case with mass sales of data on hacker forums, the seller announced an auction with a starting price of $10 thousand. For $20 thousand, you could buy the entire database without haggling. Not surprisingly, the buyer was found very quickly.
According to Gemini Advisory, as a rule, cybercriminals sell stolen gift certificates at a price of 10% of their real value. However, in this case, the price was much lower – only 0.05% of the original cost. Such a low price could be explained by the fact that not all the certificates in the leak are valid, or by the fact that they have a low balance.
The day after the sale of the gift certificates, the same seller auctioned off the incomplete data of 330,000 debit cards. The starting price is $5 thousand, and the cost without bidding is $15 thousand. For this amount, the buyer will receive payment addresses, card numbers, their expiration dates and the names of issuing banks. The leak does not contain the names of cardholders, nor the CVV codes required for transactions without presenting the card (for online purchases).
As the experts of Gemini Advisory found out, the card data was obtained as a result of hacking the site Cardpool.com from February to August 2019. Based on this, we can assume that the gift certificates were obtained as a result of the same leak. Attackers could gain access to the online store using various methods, including exploiting vulnerabilities in the site's content management system (CMS) and selecting the administrator's credentials (brute force).
At one of the largest cybercrime forums, 895 thousand gift certificates worth a total of $38 million were put up for sale. The database contains certificates from several thousand brands, most likely obtained as a result of a long-standing leak from the now-defunct Cardpool gift card store.
The seller did not specify the origin of the stolen certificates, but it is known that they belong to 3010 companies, including Airbnb, Amazon, American Airlines, Chipotle, Dunkin Donuts, Marriott, Nike, Subway, Target and Walmart. As is often the case with mass sales of data on hacker forums, the seller announced an auction with a starting price of $10 thousand. For $20 thousand, you could buy the entire database without haggling. Not surprisingly, the buyer was found very quickly.
According to Gemini Advisory, as a rule, cybercriminals sell stolen gift certificates at a price of 10% of their real value. However, in this case, the price was much lower – only 0.05% of the original cost. Such a low price could be explained by the fact that not all the certificates in the leak are valid, or by the fact that they have a low balance.
The day after the sale of the gift certificates, the same seller auctioned off the incomplete data of 330,000 debit cards. The starting price is $5 thousand, and the cost without bidding is $15 thousand. For this amount, the buyer will receive payment addresses, card numbers, their expiration dates and the names of issuing banks. The leak does not contain the names of cardholders, nor the CVV codes required for transactions without presenting the card (for online purchases).
As the experts of Gemini Advisory found out, the card data was obtained as a result of hacking the site Cardpool.com from February to August 2019. Based on this, we can assume that the gift certificates were obtained as a result of the same leak. Attackers could gain access to the online store using various methods, including exploiting vulnerabilities in the site's content management system (CMS) and selecting the administrator's credentials (brute force).