Three New Data Dumps of Credit Card Info for Sale on Hacking Forums

By Bill Toulas / February 22, 2019

Three fresh and neatly packaged data dumps containing the credit card details of millions of Americans and thousands of Pakistanis have found their way on popular hacking forums, and are available for purchase. Some of the bank card accounts are sold for a whopping $50 each, while the total cost of all three of them collectively reaches the figure of $3.5 million. Buying one of the card details would allow a criminal to create a fake clone card and withdraw money from an ATM as if they were the real owners of the account. Many of these card details come with the associated PIN codes, so it’s pretty straightforward for cyber-criminals to exploit them.

What seems to be unique in two of these dumps is the fact that they concern the credit card details of 69189 Pakistani users who were never compromised before. This raises the value of the dump, as the victims are new to loot, and thus the chances of them having already issued new card details are slim. The first collection includes 1535 cards with 95% of them belonging to Meezan Bank customers, while the second batch consists of 67654 cards with 96% deriving again from Meezan Bank. Russian cyber-security investigators say that the sale of these details occurs on Joker’s Stash, Omerta, Crdclub, and Enclave. Meezan Bank has not reported on a hack or database breach, but considering that most details come from them, it is entirely possible that they suffered one in the recent months. With the above information being disclosed now, they will have a lot to explain to their customers and take action before it’s too late.



The third data dump that concerns 2.15 million American citizens is called the “DaVinci Breach” and is sold on Joker’s Stash again. According to ZDNet’s anonymous intel sources, the dump seems to be valid. The Joker Stash is advertising the dump as “perfect pure fresh”, and adds that it contains account details from 40 US states and another 70 countries. Besides the ATM withdrawals, fraudsters can also use the clone cards in POS machines of “smurfing” companies, or just by goods online by using the provided number and CVV code. However, these activities are not passing under the radar of the banks’ anti-fraud systems, so criminals have to do this on third-world countries that don’t have such policies in place.



Have you ever fallen victim of a credit card fraudster? Let us know of your experience in the comments section below, and help others stay protected by sharing this post through our socials, on Facebook and Twitter.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: