The International Company, Group-IB, which specializes in preventing cyber attacks, has discovered new databases with a total of 69,189 Pakistani bank cards that have shown up for sale on the dark web. This indicates the activity of advanced financially motivated threat actors in the region.
The total value of the databases leaked is estimated to be around $3.5 Million. The statistics that the database provided has been shocking. It seems like the attack was not generally on all Pakistani Banks but targeted to Meezan Bank, which relates to 96% of the card dumps! Meezan Bank Card owners should be vigilant and change their pin codes as soon as possible.
However, Meezan Bank was quick to dismiss any security vulnerability and assured customers that necessary steps had been taken. The full statement is as follows:
‘We are aware of this rumour going around. All our security measures are in place and we have not experienced any unusual event
Also, we have taken the following steps to safeguard our customers:
1. Customers are forced to change their PINs on ATM machine if they haven’t changed them in 6 months.
2. All Meezan ATMs are Chip Card enabled which protects against any skimming
3. Furthermore, Meezan Bank has introduced a unique and innovative SkimGuard service that protects high value transactions through real time OTP verification on ATM machine.
Must Read: DELAY IN LICENCES A CAUSE OF CONCERN FOR TELECOM OPERATORS
As you can see, we have various steps in place to ensure the safety and security of our customers and their data. While we are unable to verify the authenticity of the rumours at this point, we can confirm that our customers, their cards and their money is safe.’
This has been the second biggest sale of Pakistani bank cards in the past 6 months. Pakistani bank cards are usually not subject to illegal underground sales but the presence of PIN codes along with the card explains the high price of each card which is selling at 50USD, rather than the normal prices of 10-40USD.
First set of dumps, titled «PAKISTAN-D+P-01», was up for sale on Jan. 24, 2019 and included 1,535 cards, 1,457 of which were issued by Meezan Bank Ltd. It is worth noting that this batch of cards was not announced on the forum.
The second database was put up on Joker’s Stash on January 30th. The «PAKISTAN-D+P-02» set, comprised of the details of 67,654 cards of Pakistani banks was significantly larger. The sellers marked the set as “high valid” and, unlike the first set, advertised the database on all major underground forums such as («Omerta», «Crdclub», «Enclave» etc.).
There has been a statement from Dmitry Shestakov, Head of Group-IB cybercrime research unit, which said:
69,000 PAKISTANI BANK CARDS DETAILS LEAKED ESTIMATED WORTH: $3.5 MILLION
‘The scale, volume, frequency and connection to one institution contributes to the theory that the leak might be involved in a larger incident, potentially an advanced actor gaining access to card systems within Pakistan.’