One of the infamous ‘Russian carding’ depositories, migalki.pw, has offered a huge archive of presumably stolen credit cards data. What makes it special is the huge amount of the credentials leaked. The seller puts 80 thousand of cards on the display. All the data is pretending to come from the only one specific bank – the biggest bank of the Middle-Asian Kazakhstan nation, Halyk Bank.
The offer is quite unusual for the carding criminals as it consist all the card data in one dump. For sure the discount has to be huge as the usual price at the black market is $20 per card. One has to trust the thief and it is widely considered not the plausible strategy. We haven’t tried to acquire it by obvious reason but we are sure that buyer is providing some sort of testing of ‘the stuff’ before the deal will be closed.
Halyk bank is the biggest bank by assets in Kazakhstan. This is not the first time that the data has been compromised. However all the other breaches were not confined to the single bank. What makes it special is that it points to the bank itself as a probable source of the leak. Usually the stolen card identities come from the MitM attacks on the data transfers outside the banks.
There is no confirmation on the authenticity of the batch. It could well be the honeypot for the would-be carders established by the bank itself. However this is somewhat risky in terms of the possible kickback to the venue’s public appearance. Halyk bank, as well as any other financial institution is interested in the image of the stable bank in which the money and personal data are well protected. The carding batch on the shelve of the black market is somewhat contradicting those efforts.