Over 310,000 credit card details from six major Southeast Asian countries have been put on sale in various dark web forums, according to India-based big data cybersecurity start-up Technisanct.
In a press release that was sent out earlier this week, the company noted its discovery of a massive data breach involving 310,669 credit card details issued by top banks in Singapore, Malaysia, the Philippines, Thailand, Indonesia, and Vietnam.
The Philippines suffered the worst hit with 172,828 cards breached, while Malaysia came in second with 37,145. Following closely behind is Indonesia with 35,354.
Singapore and Vietnam had 25,290 and 23,144 cards breached respectively. Thailand recorded the lowest amount with 16,908.
The data breach was uncovered by the company’s risk analyst team during its research on threats faced by the financial sector in the Southeast Asian countries, particularly from the dark web platforms.
The team assessed 1136 BIN (Bank Identification Number) numbers of the banks from these countries from which they discovered 310,669 card information including card number, name of card holder, CVV, and expiry date.
In some cases, PIN numbers are also exposed.
Such information were actively circulated and available for sale in dark web platforms in different dumps based on their individual bank balance – higher the balance, higher the price of the card.
These data reportedly came from major dark web players like Fresh Stuff, Joker Stash, and other regular actors who trade these kinds of data.
“The results are alarming as it seems no one is aware that such huge volume of payment card details is available in public. Any threat actor can get those card details and cause financial loss to the owners of the payment cards. The banks who are the issuer of the card may face big reputation damages too,” said Nandakishore Harikumar, Chief Executive Officer at Technisanct.