Over one million payment card details from South Korea sold on the dark web

Friday 2 August 2019 10:29 CET | News

More than one million stolen payment card details collected from South Korea have been offered for sale on the Dark Web, over the past two months.

The origin of the compromise remains unknown at this time, but the data comes from card-present transactions at numerous businesses in the country. Stealing payment details from card-present transactions is typically done through planting malware on systems that connect to PoS devices. In many incidents, the attack vector was a remote desktop connection protected by default or easy-to-guess password.

Therefore, one possible explanation could be that a point-of-sale (PoS) integrator was breached since these services interface with payment devices from multiple merchants. Citing researchers at Gemini Advisory that monitor card-related activities on cybercriminal forums, Bleeping Computer mentions that South Korean payment records were in low demand in 2018 as the fraudsters had a large supply available.

This changed in 2019 when the supply remained the same but demand increased, the online publication continued.

Another observation from the researchers is that 3.7% of the compromised South Korean records were from US-issued cards that belonged to US owners visiting South Korea.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: dark web, South Korea, payment card details, cybercrime, POS malware, fraud prevention
Countries: World