Massive New Credit Card Dump Offered for Purchase on Joker’s Stash

  • 30 million credit cards that were stolen from Wawa’s POS systems are for sale on the dark web.
  • The cards are offered with numbers, expiration dates, cardholder names, and even the CVV2 numbers.
  • Individuals in risk are urged to sign up for Wawa’s identity theft protection and card monitoring program.

A brand new massive credit card dump named “BIGBADABOOM-III” is for sale on the notorious darknet marketplace Joker’s Stash. The seller claims that this is the biggest breach of the last five years, and considering the numbers, it definitely looks like it is. The dump contains 30 million “perfect pure” cards, which means that they have not been compromised before, belonging to a worldwide audience (more than a hundred countries). The largest portion of the dump concerns residents of 40 US states, and the promised validity ranges between 90% and 95%.

Source: ZDNet

According to Gemini Advisory, who is an expert in the field, the card data that is for sale belongs to Wawa, a convenience store, fast food, and gas station chain, which operates 842 locations in the US. Back in December 2019, the company disclosed a POS malware infection incident that resulted in the compromise of millions of cards of its customers. The malware was found to be present on the majority payment processing systems of the chain, and the investigation found evidence of its presence since March 2019. The POS malware collected numbers, cardholder names, and expiration dates, so PINs and CVV2 numbers were supposedly not exfiltrated. However, the first data samples come with CVV2 info, so Wawa’s initial claims may have been false.

Source: ZDNet

Now that the data of 30 million cards are up for sale on the Joker’s Stash, Wawa reminds the holders that they won’t be responsible for any fraudulent charges and that they should promptly notify their card issuer when suspicious activity is evident. Moreover, the company has set up a dedicated toll-free call center to support people who are at risk of identity theft and to help them monitor their credit card activity. To sign up for this program, call “1-844-386-9556” and follow the instructions.

As for the dark web sale, the cost of each US card is $17 on average, while international cards are sold for a whopping $210 each. Gemini commented that Joker’s Stash has the tactic of waiting for the breaches to hit the news before offering the associated dumps for sale on the marketplace. This is to increase the value of the data, as the dumps become more credible thanks to the publicity. The sale has started on Monday, so if you have bought something from Wawa between March and December 2019, you should closely monitor your credit activity for the next couple of months.



Pinelands Regional School District Announced Data Breach

Pinelands Regional School District concluded an investigation about a data breach they had in March this year.The breach happened using then board...

Banking Trojan Targets 100 Organizations in Brazil

A banking trojan from Latin America was found targeting almost 100 Brazilian organizations and individuals.The malware was first noticed in late August...

The Number of Phishing Emails Impersonating Craigslist Is Growing

Craigslist Gsuite & Microsoft users are being targeted with phishing emails that present a fake user login page.These emails rely on brand...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari