8 April 2021

Hacker offers for sale hundreds of thousands gift cards from Airbnb, Amazon, Marriott and other brands


Hacker offers for sale hundreds of thousands gift cards from Airbnb, Amazon, Marriott and other brands

A massive database containing hundreds of thousands stolen gift cards from thousands of brands has been offered for sale on a top-tier Russian-language underground forum.

The seller claimed that the database included 895,000 gift cards from 3,010 companies, including Airbnb, Amazon, American Airlines, Chipotle, Dunkin Donuts, Marriott, Nike, Subway, Target, and Walmart. The total value of offered gift cards has been estimated at $38 million, according to Gemini Advisory.

The seller put the data on auction with a starting price of $10,000 and a buy-now price of $20,000, and within days it was sold to another threat actor. Soon after, the same seller put up for sale another database containing 330,000 credit and debit cards. The data included payment card number, expiration date, and bank name, but did not include the CVV or cardholder name. This time an auction started at $5,000, with a buy-now price of $20,000, and the data was also sold within days.

The researchers believe that the both databases likely came from a breach of the now-defunct online gift card shop Cardpool.com that occured between February 4, 2019 and August 4, 2019.

Gemini Advisory also pointed out that the both sets of cards were offered at prices far below the typical price for payment and gift cards - at roughly 0.05% of the card value, although usually compromised gift cards sell for 10% of the card value. It means that the threat actor could exaggerate the total value of gift cards to boost sales, or that the gift card validity rate was likely lower, meaning that a significant portion of them were inactive or had a low balance.

According to the researchers, the hacker selling the both sets of cards is a prolific Russian-speaking actor who has been active on top-tier and mid-tier dark web forums since 2010. The hacker’s previous offerings included large collections of stolen payment card data, databases, and personally identifiable information (PII) of U.S. residents.

Back to the list

Latest Posts

Member of FIN7 cybercrime group sentenced to 10 years in prison

Member of FIN7 cybercrime group sentenced to 10 years in prison

Fedir Hladyr served as a manager and systems administrator for FIN7.
19 April 2021
NSA, CISA and FBI expose 5 security vulnerabilities exploited by nation-state hackers

NSA, CISA and FBI expose 5 security vulnerabilities exploited by nation-state hackers

Russia-linked hackers are using vulnerabilities in popular enterprise equipment to gain access to corporate networks.
19 April 2021
WordPress says it will treat Google’s FLoC ad tracking technology as security issue

WordPress says it will treat Google’s FLoC ad tracking technology as security issue

While FLoC is more private than cookies, security experts argue that the technology could pose a risk to privacy if not implemented right.
19 April 2021