1 million credit cards details over a set of 800 million was released on Pastebin early this week.
Almost 1 million cards were allegedly leaked by Anonymous Ukraine on Pastebin early this week from a set of more than 800 million credit cards that has not been released yet. The investigation about from where this data could come is still on-going and unknown. The most likely theory given the format of the data loss (track 1 and track 2) is that it might come from an ATM or POS device.
This data contain track 1 and track 2 data from Visa, MasterCard, American Express and Discover cards where PAN, card expiration data, and owner’s first and last name can be gathered. A majority of cards seems to be from United States (99%) and a less significant part from Canada, Mexico and Vietnam, among others.
In spite of these huge numbers, based on ISO/IEC 7813 all data has been exhaustively analyzed by our team and we have concluded that most cards have already expired. As seen in the figure below, we have found 834.530 cards expired where the earliest date is from 2007. There is a set of cards (100.749) with a non-recognized format or invalid values that does not match the standard hence, we cannot tell the potential risk for them. We estimate that about 10.000 cards are currently valid and might be a threat for their owners, although the most likely is that the affected financial entities have blocked them to avoid fraud.
More data leakages are expected during the next months since this one is the first part of a series as said by Anonymous Ukraine on Pastebin. We will keep tracking this data to reduce at minimum the risk.
Cyber Crime Analyst at Blueliv