6k Full Credit Card details posted online along with users’ data
On October 21, 2022 Kaduu Team has discovered a database belonging to a virtual Visa credit cards provider. Recently we have already witnessed a 1.2M credit cards data breach that has been shared by threat actors as part of “marketing” campaign to promote their services.
The victim of the hacking incident this time is VCCZone. The idea of the service is simple: customers may buy pre-paid credit cards to use “anonymously” for various purposes, like paying for subscriptions, or conducting other payment operations. According to the leaked data we can assume that the company is very young and has started conducting business in 2022.
What data has been leaked?
The Kaduu Team has analysed breached database and here is a short resume of an incident. On October 20, 2022 the service has suffered a hacking attack, possibly due to a weak security configuration. During the intrusion hackers have obtained access to VCCZone’s database, that contained “users” and “cards” tables.
The following sensitive data of about 6k users is present in the original .sql file:
- User’s first and last name
- Credit card full number (not masked)
- Credit card expiry date
- CVV
- Physical address
- Password in hashed SHA1 format
- Password reset tokens
- Date and time of registration
We were saying it before and we’re saying again: no credit card data should be stored as-is in the databases.
At the time of writing this article, VCCZone hasn’t released any statements concerning this incident nor denied it.
Security of financial and credit card details is hard to be overestimated. We’re happy to deliver our readers fresh news on the matter, like this one. It’s important to stay up-to-date with any incidents happening in the darknet world.
Stay up to date with exposed information online. Kaduu with its cyber threat intelligence service offers an affordable insight into the darknet, social media and deep web.