Experts have found publicly posted data that can be used to withdraw money from the accounts of Russians. Since the beginning of the invasion of Ukraine, hackers have leaked the credit card details of more than 110,000 customers of Sberbank, Russia’s largest bank, onto the internet. Cybernews reported the details, citing data from the research company Cyberint.
According to a recent study, Sberbank accounted for 18% of all card data “leaks” in the world from February to April 2022. For comparison: three months before the start of the full-scale war in Ukraine, hackers published data on about 12.3 thousand cards, or 4% of the total worldwide, on the dark web.
“Sberbank accounted for about a third of all banking assets in Russia. Our team has discovered several groups of threats that have recently compromised this bank, such as DoomSec and Ares, and also hacked data published in Telegram channels,” experts commented to a Cybernews journalist.
Credit card numbers, expiration dates and CVV codes have been leaked publicly: everything needed to complete online transactions, such as buying goods or transferring funds. Cyberint analysts concluded that many of the accounts are still valid and unrelated to earlier incidents in which Sberbank customers were exposed.
Hackers offer the data in two formats. The text format contains the card number, expiration date, cardholder’s name, address and CVV. The dump format contains the information from the card’s magnetic stripe, which allows the card to be recreated and used to pay at terminals or withdraw money from ATMs.
Researchers attribute the increase in the number of compromised cards to the @ccantipbot Telegram bot, a marketplace where users can sell or buy fresh credit card data. It is assumed that the platform is operated by a group of hackers engaged in skimming – stealing data using a special device called a skimmer.
On May 22, an anonymous user from Russia publicly posted a list of tens of thousands of stolen cards that a group of attackers had been collecting until 2021. Analysts could not determine the exact cause of the leak; Cyberint considers it most likely associated with Russia’s invasion of Ukraine. Perhaps a Sberbank employee with access to internal systems and databases made the data public in order to destroy the company.