A Singapore based cybersecurity firm – Group-IB has found that details of about 1.3 million (13 lakh) credit and debit cards have been put out on sale on a darknet marketplace called Joker’s Stash. The firm, which is an expert in identifying and detecting cyberattacks claimed that of the 13 lakh cards, almost 98 per cent are from India.

ZDNet was the first to report the breach and said that Joker’s Stash is one of the oldest card shops on the dark web where hackers dump card details. The card details have been skimmed by the hackers while the bank users used it while withdrawing money from ATMs and point of sale (POS) machines.

As of September 2019, the combined number of debit and credit cards in India stood at 971.7 million as per the Reserve Bank of India’s data. 

“The (RBI’s) Department of Banking Supervision has sent out this letter as whenever there are some incidents the RBI alerts the banks and sends them a cautionary note which is sent to all the scheduled commercial banks,” an industry official told India Today.

The hackers who have stolen the card details have said that they have track-1 and track-2 data which are essential for transactions and cloning of a card. The card details are being sold at USD 100 each. With the details of 1.3 million cards, the hackers will receive around 130 million dollars.

Group IB CEO and founder – Ilya Sachkov in a statement said that the card details from India are very rare in underground markets and described the stealing as the only big sale of card dumps related to Indian banks in the past 12 months. He further said that the information has been shared with the proper authorities. 

An official at Data Security Council in India in a national publication underlined India of not having data breach disclosure laws. Nitin Bhatnagar, head of global standards body, Payment Card Industry, said the veracity of information with the hackers is yet to be ascertained.

This is not the first time that the card details of Indians were breached. Three years back in September, 3.2 million (32 lakh) debit card details were exposed after hackers found a default in Hitachi Payment Systems.

Joker’s Stash frequently provides card details on darknet. In February 2019, around 2.15 million Americans card details were out for sale on Joker’s Stash.

In August, around 5.3 million card details were available on Joker’s Stash after they were procured from gas and convenience chain.

Also Read: Ten Men Arrested For Making Fake Aadhaar Cards By Hacking Biometric Security Settings Of UIDAI