Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

11/11/2019
02:15 PM
50%
50%

Joker's Stash Puts $130M Price Tag on Credit Card Database

A new analysis advises security teams on what they should know about the underground payment card seller.

Payment card data is among the most widely distributed information on the Dark Web. The breadth of data for sale in underground marketplaces can prove helpful to security teams, who can analyze this information and combine it with other threat data to learn their potential exposure and mitigate the impact of an incident, Flashpoint researchers advise in a new report.

The ecosystem for stolen payment card data ranges from low-level markets selling cards recycled from past breaches, to top-tier sellers with unused card data directly pulled from a new breach. Joker's Stash is one of the most prominent payment card retailers on the Dark Web, where it has been selling credit cards from online and physical transactions since 2014. In 2015, it began to also sell personally identifiable information including Social Security numbers.

A recent update on Joker's Stash arrived on Oct. 29, when it added data pertaining to more than 1.3 million credit and debit cards reportedly taken from banking customers in India. The data dump released was one of the largest in Joker's Stash's history, researchers report, with pricing information valued at $100 per card, which put the total for the database at $131 million.

Joker's Stash and similar marketplaces provide value beyond cybercrime, researchers say. Fraud teams can leverage its data to learn what card data is for sale and the timing of its availability on Joker's Stash. This reveals the common point of purchase (CPP) of compromised cards and can help identify the geographical source of a breach and stem its potential impact, they explain.

Read more details here.

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "What a Security Products Blacklist Means for End Users and Integrators."

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-0404
PUBLISHED: 2019-12-11
SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.
CVE-2019-0405
PUBLISHED: 2019-12-11
SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure.
CVE-2019-0395
PUBLISHED: 2019-12-11
SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability.
CVE-2019-0398
PUBLISHED: 2019-12-11
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.
CVE-2019-0399
PUBLISHED: 2019-12-11
SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure.