Cognyte CTI Research Group
August 12, 2021

1 Million Leaked Credit Cards on Dark Web – 2021

In early August 2021, a threat actor known as AW_cards published a data leak containing details of approximately one million stolen credit cards on several Dark Web hacking forums. The leak was shared free of charge as a promotion to the threat actor’s new carding marketplace, named AllWorld Cards.

The stolen credit card records include credit card and owner details, including credit card number, expiration date, CVV number, holder’s name, country, state, city, address, zip code and email address or phone number. In our research of the data of 1M leaked credit cards on the Dark Web, we analyzed the leaked email addresses to gain a better understanding of the risk.

Analysis of the leaked credit cards and email addresses

We analyzed all the email addresses that appeared in the leak and found approximately 600,000 email addresses were exposed. The most common email domains that appeared include:

  • – 419,000 email addresses
  • – 65,540 email addresses
  • – 20,570 email addresses
  • – 10,150 email addresses
  • – 6,920 email addresses
  • – 5,530 email addresses
  • – 4,580 email addresses
  • – 3,680 email addresses
  • – 3,570 email addresses
  • – 2,730 email addresses

Following are the top email addresses that appeared in the leak:

In addition, we identified 122 government-related email addresses, i.e. email addresses that end with a .gov TLD. These 122 records are associated with a total of 15 countries.

The distribution of governmental addresses per country is as follows:

About the threat actor’s goal

AllWorld Cards is a new card marketplace, active since May 2021. At the time of this publication, the marketplace holds an inventory of over 2,749,336 credit cards, with an average price per card of $US 6. Since late May 2021, the threat actor has been actively advertising and promoting the new platform on different Dark Web hacking-related platforms. The current leak of one million credit cards by the threat actor appears to be another marketing move to attract potential clients from hacking and cybercrime forums and increase the platform’s popularity.

Enhance your Threat
Intelligence Analytics Today

Cognyte CTI Research Group

Cognyte's Cyber Threat Intelligence (CTI) research team (formerly SenseCy) is comprised of handpicked expert analysts, many of whom are ex-military intelligence, with years of experience in cyber threat intelligence and analysis. Our research team monitors, analyzes and validates threat actors’ malicious activities on platforms such as social networks, mobile applications, Deep Web sites, Dark Web marketplaces, hacker forums, IRC channels, global CVEs and external threat intelligence generated by leading security providers. The Research group regularly produces threat alerts and intelligence reports based on region, industry and organization-specific threats, including in-depth analysis, actionable recommendations, IoCs and more, to proactively identify and mitigate threats before they materialize, to enhance resilience and prevent future attacks.
See more from this author