loader gif

Over 1 Million South Korean payment cards put up for sale on Dark Web

Over 1 Million South Korean payment cards put up for sale on Dark Web
  • According to Gemini Advisory, 230,000 records were put up for sale in June 2019, and 890,000 records in July 2019.
  • Researchers determined that among the compromised South Korean payment cards, 3.7% were US-issued cards.

Researchers from Gemini Advisory have found out that over one million South Korean payment cards have been put up for sale on the dark web since May 29, 2019.

What happened?

South Korea has become the latest major victim of Card Present (CP) data theft after details of over one million payment cards have been made available online. According to Gemini Advisory, 230,000 records were put up for sale in June 2019, and 890,000 records in July 2019.

However, the source of these payment card details has not yet been identified yet. Since the payment card records contained only CP (Card Present) details, this automatically rules out web-based skimmers (Magecart scripts) installed on online stores.

Other possible sources include:

  • Malware installed on Point-of-Sale (PoS) systems at stores or restaurants
  • Breach at a bank, payment provider, or PoS company
  • Card skimmer devices installed on ATMs or PoS terminals.

“While the exact compromised point of purchase (CPP) remains unclear, these records may have been obtained from the breach of a parent company that operates several different businesses in a variety of locations. It is also possible that a point-of-sale (POS) integrator was breached, allowing a threat actor access to a single integrator service that interfaces with many merchants,” researchers said.

Key Findings

  • Researchers determined that among the compromised South Korean payment cards, 3.7% were US-issued cards.
  • One of the most affected US financial institutions was a credit union that primarily serves the US Air Force that maintains multiple air bases in South Korea.
  • They also determined that most of the victims are US cardholders visiting South Korea.

“The median price per record from this spike is $40 USD, which is significantly higher than the median price of South Korean CP records across the dark web overall, which is approximately $24 USD,” Gemini Advisory said.

loader gif