A recent routine monitoring exercise by the Cyble Research & Intelligence Labs revealed that the operators of a payment card shop known as “BidenCash” released a dataset containing 1.2 million credit and debit card details on a cybercrime forum that’s mainly populated by English-speaking Threat Actors.
The database included 1,221,551 credit and debit card records, including the card’s name, expiration date, and 3-digit card verification value. Social security numbers of cardholders in the US were also revealed. The database also included other sensitive information, such as the bank name, address, and email of the cardholders.
A detailed analysis of the data revealed that American Express was the most affected by the incident. The prominent countries that were affected included the US, India, China, Brazil, Mexico, Turkey, Australia, and Spain.
How did BidenCash come to the fore?
In 2021, illegal activity related to the sale of payment cards and dump shops was mainly facilitated by several shops, such as Yale Lodge, Vengeance, and Ferguson Shop. However, after the closure of the largest payment card shop, Joker Stash, in 2021, the underground market suffered a huge setback. According to Cyble, law enforcement actions against other illegal operations such as “Trump Dump” and “Ferum Shop” severely affected the underground market.
The researchers noted that the number of new payment card shops operating in the underground market increased following the incident. These establishments were mainly tasked with acquiring compromised credit and debit cards.
In April 2022, “BidenCash” entered the underground market. Due to its effective marketing techniques, such as releasing payment card details for free, it became one of the most popular sites during that period. In June 2022, BidenCash released almost 8 million payment card data records on a cybercrime forum. Out of these, only 6,581 records were exposed.
The release of the data by BidenCash was regarded as one of the biggest leaks of its kind on a cybercrime forum in recent years. Due to the availability of this information, Threat Actors were able to carry out fraudulent transactions using the compromised cards.