DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Details for 1.3 million Indian payment cards put up for sale on Joker’s Stash

Posted on October 29, 2019 by Dissent

This site has reported on a number of data leaks and breaches in India. And as regular readers know, I now have a criminal complaint and a civil suit against me and this site in India because 1to1Help.net didn’t like me exposing their embarrassing data leak.  There’s also an injunction issued by an Indian court barring me from discussing 1to1Help.net’s data leak — a leak that continued when they ignored my attempts to alert the company that they were leaking sensitive information about their clients’ employees. They would subsequently try to claim that they thought my email notification to them  — which pointed them to specific directory filenames and urls — was “spam.” For those who may not recall, their leak was finally closed after I reached out to Microsoft and Cognizant here in the U.S. and told them that employees of their Indian subsidiaries were having personal and sensitive data exposed by 1to1Help.net and it was ignoring my notifications. I suggested those firms call them to tell them to lock down the data. That worked, it seems. And while 1to1Help.net’s clients were grateful to me for my persistent efforts to get sensitive data secured, 1to1Help.net is trying to divert blame to this site and blogger. But that reminds me:  I still don’t know if they notified everyone whose personal and sensitive information was exposed. I should probably look into that, right?

Oops? Did I just violate that injunction by talking about them?  Oh well.

You’d think I might tread carefully talking about India in light of the charges, lawsuit, and injunction, but you’d only think that if you don’t know me at all. So let’s talk about Indian leaks and breaches some more.

I recently reported on findings by GeminiAdvisory.io on fraud trends in Australia.  In their report, they had noted a different pattern in India than in Australia:

Australia was the only country of the top five APAC economies that saw overall fraud levels decrease during this period. Australia’s CNP payment card fraud dropped by 4.58%, which was greater than its 50.33% increase in CP fraud and resulted in an overall 1.39% drop in Australian payment card fraud. While India did have a drop in CP fraud by a full 48.95%, this was far offset by its 20.55% increase in CNP fraud, resulting in a 14.22% overall increase in exposure.

Today, Catalin Cimpanu reports research by Group-IB of a major dump involving payment cards of Indian consumers that will likely increase those statistics:

The new upload contains data primarily from Indian cardholders, security researchers at Group-IB told ZDNet today, after spotting the new upload just hours before.

Group-IB said the cards are being sold at a top-tier price of $100/card, putting the hackers on a trajectory of making more than $130 million from their latest haul.

Read more on ZDNet.  The dump had only occurred a few hours earlier so there hadn’t been much analysis yet, but preliminary analysis suggested that the card data may have been obtained by skimmers as opposed to website attacks such as Magecart.

Could any of this be related to what researchers from Kaspersky have also been investigating about the Dtrack spy tool that they discovered when they were analyzing the ATMDtrack malware that was targeting Indian banks?

I don’t know as this is out of my skills set altogether, but I’ll just keep reporting on leaks and breaches in India until the Indian government stops wasting its time trying to censor journalism and turns its attention to getting its country’s financial institutions, businesses, and government agencies to lock down personal information better.

 

Related posts:

  • 1,355 Indian websites Hacked by hax.r00t n saadi Pakistani hackers
  • Forbes Breach Email Statistics
  • A misconfigured AWS bucket exposed personal and counseling logs of almost 300,000 Indian employees
  • Security researchers — and journalists — need legislative protection in India for disclosing vulnerabilities
Category: Breach IncidentsCommentaries and AnalysesFinancial SectorMalwareNon-U.S.Of Note

Post navigation

← UCR vulnerability may have exposed private information
SC: Prisma Health discloses third patient data breach in two months →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • CMS Sending Letters to 103,000 Medicare beneficiaries whose info was involved in a Medicare.gov breach.
  • Esse Health provides update about April cyberattack and notifies 263,601 people
  • Terrible tales of opsec oversights: How cybercrooks get themselves caught
  • International Criminal Court hit with cyber attack during NATO summit
  • Pembroke Regional Hospital reported canceling appointments due to service delays from “an incident”
  • Iran-linked hackers threaten to release emails allegedly stolen from Trump associates
  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.