Jump to content

Hackers Sold 895 Thousand Gift Certificates On The Cybercriminal Forum

Recommended Posts

Gift certificates belong to Airbnb, Amazon, American Airlines, Chipotle, Marriott, Nike, Subway, Target, Walmart, etc.


895 thousand gift certificates with a total value of $ 38 million were put up for sale on one of the largest cybercriminal forums. The database contains certificates from several thousands of brands, most likely derived from a long-standing leak from the now defunct Cardpool gift card store.

The seller did not specify the origin of the stolen certificates, but it is known that they belong to 3,010 companies, including Airbnb, Amazon, American Airlines, Chipotle, Dunkin Donuts, Marriott, Nike, Subway, Target and Walmart. As is often the case with massive sales of data on hacker forums, the seller announced an auction with a starting price of $ 10,000. For $ 20,000, it was possible to purchase the entire database without bargaining. Not surprisingly, a buyer was found very quickly.

According to Gemini Advisory, cybercriminals typically sell stolen gift certificates for 10% of their true value. However, in this case, the price was much lower - only 0.05% of the original value. This low price could be due to the fact that not all of the leaked certificates are valid, or because they have a low balance.

The day after the sale of the gift certificates, the same seller put up incomplete details of 330,000 debit cards for auction. The starting price is $ 5 thousand, and the cost without bargaining is $ 15 thousand. For this amount, the buyer will receive billing addresses, card numbers, their validity periods and the names of issuing banks. The leak does not contain the names of the cardholders, nor the CVV codes required for transactions without presenting a card (for online purchases).

As the experts of Gemini Advisory found out, the card data was obtained as a result of hacking of the Cardpool.com website from February to August 2019. Based on this, it can be assumed that the gift certificates were obtained as a result of the same leak. Attackers could gain access to the online store using various methods, including exploiting vulnerabilities in the site's content management system (CMS) and brute-forcing the administrator's credentials.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...