A Fresh Batch of 4 Million Credit Cards Put Up for Sale on Joker’s Stash

By Bill Toulas / November 27, 2019

The notorious darknet marketplace “Joker's Stash” is selling a huge collection of four million “perfect pure” credit card and debit card data entries. Reportedly, this is the result of recently disclosed breaches that occurred at the restaurant chains “Moe’s”, “McAlister’s Deli”, “Krystal”, and “Schlotzsky’s”. The correlation between the data that is for sale and the breaches is also confirmed by two independent financial industry analytics firms, as this case is one of the most extensive card data heists in the history of the country.


Source: Krebs on Security

Only a month ago, Joker’s Stash offered 1.3 million credit and debit cards for sale at $100 per entry. Following with a batch too soon drives the prices down, and that is why the darknet bazaar published the new breaches quite a while after they first announced them. As three of the four restaurant chains who were compromised belong to the same company, it is believed that the breaching method was through the infection of their card-processing payment systems with PoS malware.

As Krebs on Security points out, the United States is one of the last of the G20 nations to still use card swiping for payments, as the shift to the more secure chip-based cards has been inexplicably delayed. Visa reports that 80% of merchants in the country already support the new chip-based cards, but the transition is not complete yet. This makes stolen credit card data useful for crooks, as they can easily create clone cards and conduct fraudulent transactions.

As the larger merchants adopt safer payment methods, hackers turn their attention to smaller businesses that are likely to still use vulnerable PoS systems, and this case is another example of that. If you are a customer of these restaurant chains, there’s no reason to panic. Just remember that you’re not liable for any fraudulent charges as long as you identify and report them to your card issuer within a specified period of time. Most banks now offer automatic alerts, so you can keep a close eye on what’s going on with your account. If you haven’t activated an alerting service, you should do it now no matter the chances of having been breached.

Do you have anything to comment on the above story? Let us know of your views in the section down below, or join the discussion on our socials, on Facebook and Twitter.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: