惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
A
About on SuperTechFans
IT之家
IT之家
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Blog — PlanetScale
Blog — PlanetScale
aimingoo的专栏
aimingoo的专栏
云风的 BLOG
云风的 BLOG
The GitHub Blog
The GitHub Blog
Vercel News
Vercel News
G
Google Developers Blog
J
Java Code Geeks
宝玉的分享
宝玉的分享
T
Tailwind CSS Blog
Cloudbric
Cloudbric
L
LINUX DO - 最新话题
MyScale Blog
MyScale Blog
H
Heimdal Security Blog
PCI Perspectives
PCI Perspectives
Attack and Defense Labs
Attack and Defense Labs
S
Security @ Cisco Blogs
Latest news
Latest news
I
Intezer
L
Lohrmann on Cybersecurity
C
CXSECURITY Database RSS Feed - CXSecurity.com
月光博客
月光博客
T
Threatpost
博客园 - 【当耐特】
S
Schneier on Security
P
Privacy International News Feed
G
GRAHAM CLULEY
T
Tenable Blog
AWS News Blog
AWS News Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
雷峰网
雷峰网
博客园 - Franky
Engineering at Meta
Engineering at Meta
美团技术团队
S
Secure Thoughts
T
Troy Hunt's Blog
Microsoft Security Blog
Microsoft Security Blog
SecWiki News
SecWiki News
V
Visual Studio Blog
人人都是产品经理
人人都是产品经理
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Cisco Talos Blog
Cisco Talos Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Martin Fowler
Martin Fowler
Webroot Blog
Webroot Blog
Google DeepMind News
Google DeepMind News
H
Hackread – Cybersecurity News, Data Breaches, AI and More

Threat Intelligence Blog | Flashpoint

Understanding Illicit Ecosystems: How Dark Web Forums Structure Cybercrime AI, Trust, and the Future of Threat Intelligence Remus Stealer: A New, Not-So-New Infostealer America250 Fourth of July Threat Assessment Unmasking the Digital Trail: Essential Techniques for Vetting AI-Generated Content The Shift to Threat-Informed Prioritization: Operationalizing CISA BOD 26-04 Identity Is the New Attack Surface: How Infostealers Are Reshaping Enterprise Risk Understanding Illicit Ecosystems: Weaponizing Mainstream Apps and Social Infrastructure Connecting Vulnerability Intelligence to Real-World Exposure With Flashpoint EASM Understanding Illicit Ecosystems: XSS and the Current State of the Russian-Speaking Underground How to Align and Measure Threat Intelligence Operations: Flashpoint Priority Intelligence Requirements The Mini Shai-Hulud Worm and the New Era of CI/CD Exploitation Understanding Illicit Ecosystems: The Hybrid Threat of “The Com” AI Threat Report: How Artificial Intelligence Is Used Across Illicit Communities How Mergers and Acquisitions Expand Your Attack Surface Overnight The Evolution of the Geotag: How AI is Bridging the Gap in Location-Based OSINT Navigating the Threat Landscape of the 2026 FIFA World Cup Inside the 2026 Cyber Threat Landscape: Data-Driven Security Priorities Flashpoint MCP Server: Operationalizing Cyber Threat Data for Agentic AI Security Workflows 2026 Gartner® Magic Quadrant™ for Cyber Threat Intelligence: Key Takeaways for Security Leaders Escalation in the Middle East: Tracking “Operation Epic Fury” Across Military and Cyber Domains How to Build and Operationalize Priority Intelligence Requirements National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges Flashpoint Surpasses Cataloging 7,000 Known Exploited Vulnerabilities as Disclosure Volume Accelerates Why Intelligence Requirements Fall Flat and How to Fix Them with a Practical Priority Intelligence Requirements Framework The Phishing-as-a-Service Pipeline: How a Scalable Fraud Ecosystem Is Driving Global Attacks Tax Refund Fraud in 2026: How Threat Actors Exploit Identity, Verification, and Cash-Out Channels The Language of Emojis in Threat Intelligence: How Adversaries Signal, Obfuscate, and Coordinate Online What the NVD ‘Slowdown’ Means For You: How to Stay Ahead in Vulnerability Management Forrester Threat Intelligence Landscape: Key Takeaways for Security Leaders Connecting Threat Intelligence to Decision-Making: How Flashpoint Is Operationalizing Intelligence in 2026 Iran-Aligned Militias Signal Expanded Regional Risk Amid US–Israel–Iran Conflict Destructive Activity Targeting Stryker Highlights Emerging Supply Chain Risks Navigating 2026’s Converged Threats: Insights from Flashpoint’s Global Threat Intelligence Report What to Know About the Notepad++ Supply-Chain Attack Cyber Threat Intelligence Index: Q3 2023 Edition Beyond Hamas: Militant and Terrorist Groups Involved in the October 7 Attack on Israel The First 72 Hours of the Israel-Hamas War: Hamas and PIJ Activity on Telegram About Us Qakbot Takedown: A Brief Victory in the Fight Against Resilient Malware Unmasking the Attacker and Decoding Threat Actor Patterns The Flashpoint Firehose: 5 Questions With Michael Raypold, VP of Engineering The Seven Phases of a Ransomware Attack: A Step-by-Step Breakdown of the Attack Lifecycle Lost in Transition: A Timeline of Failed Successors to Breach and Raid Forums Days of Chaos: How OSINT Helps Us Understand the Putin-Prigozhin Schism Lessons From Clop: Combating Ransomware and Cyber Extortion Events How to Combat Check Fraud: Leveraging Intelligence to Prevent Financial Loss Beyond Gates and Alarms: The Scope and Impact of Physical Security Intelligence Why We Built Flashpoint Ignite: Unity, Power, and Performance The Risk-Reducing Power of Flashpoint Video Search Flashpoint in 2023: A Note From Our CEO 5 Reasons Taiwan Is a Growing Source of US-China Tension Why We Acquired Echosec Systems: The OSINT Revolution Open Source Intelligence
Card Shop Threat Landscape: BidenCash Dumps 2.1M Stolen Credit Cards
Flashpoint Intel Team · 2023-03-03 · via Threat Intelligence Blog | Flashpoint

On February 28, 2023, card shop BidenCash announced its one-year anniversary. To commemorate the event, the administrators of BidenCash shared a text file of 2.1 million compromised credit cards for free on a top-tier Russian-speaking darknet forum XSS. Here’s what we know about the most recent BidenCash dump, and what this means in the context of the greater card shop threat landscape.

Initial findings

Our initial findings indicate that the text file with the credit card numbers contains a host of personally identifiable information (PII), including the cardholder’s name and address as well as private financial data such as the  full card number, expiration date, CVV number, and bank name.

Additionally, about 70% of the cards have expiration dates in 2023; 50% of the cards belong to US-based people or entities; while fewer than 5% of them are based in China and the UK.

pie chart

While BidenCash currently ranks in the top-5 card shops by total volume (above), quality (the viability of the cards) always trumps the quantity (total number of cards). BidenCash’s release is one of the largest observed in the last year, where a typical release is somewhere in the ballpark of 40,000 stolen credit cards. Like any offering of free samples, the goal is to attract new customers to the storefront. The actual mileage on those credit cards may be limited, as they are approaching expiration, or have likely been already flagged for fraud by financial institutions. 

Not the first BidenCash release

BidenCash has previously released large compromised card dumps to gauge interest in its card shop. For example, on June 16, 2022, BidenCash card shop released a database with information of 7.9 million individuals on the top-tier Russian-language forum XSS.

The Great Cyber Exit: Why the Number of Illicit Marketplaces Is Dwindling

Read the blog

On August 2, 2021, another card shop AllWorldCards announced on XSS the release of 1,000,000 credit cards for free. The data contained in these records included full credit card numbers, expiration dates, CVVs, and in some cases other PII, including country, state, city, address, zip code, email, phone number).

BidenCash vs. The competition

Since the official closure of Joker’s Stash on February 15, 2021, several card shops have attempted to earn the title of “top card shop,” with Telegram-based shops increasingly conquering market share from more traditional web-based shops. BidenCash is currently a mid- to-top-tier card shop in terms of volume and popularity with threat actors. The shop has managed to steadily increase the volume of cards sold through its platform throughout 2022 and the shop’s giveaway of free credit cards likely constitutes a push to increase its popularity in a still-malleable market. 

BidenCash launched on April 27, 2022, shortly after Russian authorities seized a number of illicit card shops, including Forum, Trump Dumps, and UniCC, along with the carding forum Sky-Fraud and Remote Desktop Protocol access shop UAS. These cybercrime-related takedowns—which represent one of the last actions of Russian authorities in the cybercrime realm before its military 2022 invasion of Ukraine—launched significant movements in the market of credit card shops, as new or emergent card shops breathed fresh competition into the illicit landscape.

Fight card fraud with Flashpoint

With more than 2 billion stolen credit cards in our collections, Flashpoint’s Card Fraud Mitigation helps fraud teams detect compromised credit cards from illicit communities and data breaches, and identify high-risk merchants before fraudulent transactions occur or multiply. Card Fraud Mitigation unlocks visibility into attacker techniques, emerging trends, and new fraud schemes to help teams quickly take action.

Flashpoint cyber threat intelligence tools provide teams with access to illicit online communities including closed sources across forums, the open web and chat services platforms, as well as indicators of compromise (IOCs), and technical data as analyzed by Flashpoint intelligence analysts. Sign up for a demo today.