[Sethia Soliman]

BEWARE: More than a million credit card details have been found on the dark web​

Among the many ways that evil lurks among us, cybercrime could potentially be the most sophisticated and dangerous of its kind as it affects millions of unsuspecting people. Just last month, we feared for our safety amid the massive data breach at telecom giant Optus, which put countless Australians at risk.

But unfortunately, there are even more reasons to not let your guard down.

The credit card details of over a million people have been leaked as part of a promotion by a scandalous online credit card shop.

During a routine internet monitoring exercise, Cyble Research & Intelligence Labs researchers discovered that a stolen credit card marketplace, BidenCash, had dumped a dataset containing the information of over 1.2 million credit and debit cards.

Over a million credit card details have been leaked on the dark web. Source: Unsplash​

Names, credit card numbers, expiration dates, CVV numbers, and addresses were just some of the data compromised on the dark web, where the marketplace was located.

‘The subject release of the credit and debit cards data by the BidenCash shop is one of the largest leaks of its kind on any of the cybercrime or underground forums in recent times.’ Cyble stated.

‘Our detailed statistical analysis revealed that American Express (US) cards were impacted the most. The top 50 countries with the most affected consumers are the US, India, Brazil, the UK, Mexico, Turkey, Spain, Italy, Australia, and China.’

Top 10 affected countries

• United States - 676,899
• India - 158,626
• Brazil - 60,890
• United Kingdom - 24,233
• Mexico - 21,156
• Turkey - 16,171
• Spain - 14,993
• Itay - 13,391
• Australia - 12,671
• China - 12,664

The analysts believe that the card details were stolen by web skimmers, which are bits of code attached to hacked websites and checkout pages that allow thieves to see financial information.

This incident heightened the fear of hackers targetting Australians as it hasn’t been long since the Optus cyber attack.

Several investigations have been launched since the massive Optus data breach. The Office of the Australian Information Commissioner commenced an inquiry on Tuesday.

The agency will examine the personal information handling practices of Optus to determine whether it took reasonable steps to protect the details of its customers. They’ll also investigate if the information collected and retained was necessary to the business.

The incident heightened fear among Australians. Source: Unsplash​

If the investigation reveals serious or repeated privacy breaches, the commissioner has the power to seek civil penalties through the Federal Court of up to $2.2 million per contravention.

Information and Privacy Commissioner Angelene Falk urged all organisations to tighten their overall cyber security.

‘Collecting and storing personal information that is not reasonably necessary to your business breaches privacy and creates risk. Only collect what is reasonably necessary.’ she said.

The Australian Federal Police is also running two inquiries into who obtained and attempted to sell the data of the affected customers.

The consumer watchdog has been flooded with Optus-related scam complaints following the data breach.

Scammers have been taking advantage of the breach by pretending to be from the telecommunications giant or Equifax Protect, but the Australian Competition and Consumer Commission Chairwoman Cass-Gottlieb clarified that there had only been a few instances of fraudsters successfully scamming victims out of money by pretending to be from Optus.

Investigations have been launched since the Optus data breach. Source: Tech Xplore​

Be vigilant about every email, text, or call that you receive, especially when it’s from an unknown contact. It’s always better to be safe than sorry!

Learn more ways to protect yourself online by reading our Guide to Cyber Safety. Help us combat fraudsters by warning other members about recent and potential scams on the Scam Watch forum.

What are your thoughts about this new massive data breach? Better yet, how do you protect yourself from falling victim to scams? Share your tips with us in the comments.

 

[Macarj]

We the people never asked for credit debit cards we were all happy paying cash nobody should ever be out of pocket by scammers the banks forced cards upon us and they should pay I had my card used illegally but my bank ANZ is very good and contacted me because it was an usual deduction in Russia so they never got the money and this has happened a couple of times it's more of a nuisance I have to get new cards every time but at least I have lost no money YET.

 

[Ricci]

So far I've been lucky but I'm on it, I check my card statements minutely to make sure I can account for everything listed. I also check my bank balance at least once a week to make sure there's no suspicious items on there too. Luckily my bank is good and sends an email if there are big number transactions and I can ok them.

 

[Zoya]

So far I've been lucky but I'm on it, I check my card statements minutely to make sure I can account for everything listed. I also check my bank balance at least once a week to make sure there's no suspicious items on there too. Luckily my bank is good and sends an email if there are big number transactions and I can ok them.

Good idea.

 

[Josuentag]

Banks and applications constantly insist that they have the best level of security that will not allow the user's data to leak. However, every year the login algorithm in the application is simplified. Imagine that you will need to hold the phone and make payments and transactions without additional information in a few years. But consumers are asking for this simplification and a sense of comfort, wanting to combine it with safety. With the current level of technology, this is almost impossible. Therefore, when I applied for a mortgage with Mortgage Broker Cambridge, I immediately took care of the security of the transfer of my data.

 

[CoenRemak]

I heard there was a significant data breach recently. Among the victims whose databases were publicized were companies related to online delivery services, medicine, telecom, online retail, online education, and construction. Most popular companies' databases were made publicly available for free download - attackers do not want to make money but to cause maximum damage to companies and their customers. The news site https://deepweb.net/ even wrote about it. I'm not sure our government can handle it.