One of the largest and most widely used outlets for stolen card data, Joker's Stash, has reported announced it will close up in February 2021. Since 2014 Joker's Stash has become one of the largest trading posts for stolen cardholder data, seeing data from some on the World most high profile breach finding its way onto the site, such as Saks Fifth Avenue, Hilton Hotels and Whole Foods.
Continuing law enforcement pressure has reduced the impact of the site and the apparent quality of the data for sale. In December 2020, US Department for Justice together with Interpol took down four of the domains operated by Joker's Stash in an attempt to disrupt the operation. Joker's Stash popularity also attracted the unwanted attention of criminals looking to steal login credentials and bitcoins from users. Is there no honour amongst thieves! All of this negative attention has lead the sites administrator to make the decision to take the site down and to burn all the databases of card data.
Does this mean our card data is now safe? With a major outlet for the data no longer operating can we all relax our security? Absolutely not! So long as stolen data, such as personal information and card data, has value there will always be those that will look to capitalise on this low risk and high reward crime. Some researches estimated that Joker's Stash has generated over a Billion Dollars in revenue since it began trading. In 2020 alone it saw more that 35 million card present details (Track2 data), and 8 million card not present information (Cardholder name, PAN, Expiry data, and Card security value), advised for sale. Examples of the considerable value to this data came in 2019 when Joker's Stash was used to sell card data stolen from Indian banks for £78 a piece. The hackers were selling 1.3 million records netting them profitable £101 million!
There are already other Dark Web outlets for stolen information such as card data, and the void left by Joker's Stash will be quickly filled. Can we even trust that the administrator of Joker's Stash will be heading off into retirement? Or is this just a means of ducking the heat and attention they have attracted.
If you own or manage an environment where card data is present 3B Data Security are here to help you with all matters relating to data security, PCI compliance, vulnerability identification, breach investigation, incident response planning, environment monitoring and breach detection, and many other services.