Nevertheless, according to Group-IB's findings, 97% of the records in the database are still valid, despite the post author's claim that the cards were compromised from 2018 to 2019. In the entire batch, Group-IB researchers found 810 expired cards: 30 of them expired in June 2021 and 780 in July 2021. At least 27,112 cards are set to expire in August 2021. It can be assumed that either most of the invalid cards have been removed from the database, or the database is newer than declared by the author of the post.
Group-IB researchers established that the database's owner used several file-sharing services to upload it. The database was contained in a password-protected zip archive holding a text file of 1 million lines with the following fields:
- Card number;
- Expiration date;
- CVV / CVC code;
- Name of the card holder;
- Country;
- State;
- City;
- Address;
- Zip code;
- Email and phone for some entries.
However, not all of the above fields were available for every record in the database.
According to Group-IB's Threat Intelligence team, more than 200,000 (22%) of the compromised payment cards were from Indian banks, followed by Mexican (9%), US (9%), and Australian (8%) financial institutions. The distribution of cards in the batch by the country of the issuing bank is shown in Figure 6 below.
Group-IB continues its outreach campaign to inform the affected financial organizations so that they can take the necessary steps to mitigate the potential impact of the compromised data.