Hacker offers for sale hundreds of thousands of gift cards from Airbnb, Amazon, Marriott and other brands

A massive database containing hundreds of thousands of stolen gift cards from thousands of brands has been offered for sale on a top-tier Russian-language underground forum.

The seller claimed that the database included 895,000 gift cards from 3,010 companies, including Airbnb, Amazon, American Airlines, Chipotle, Dunkin Donuts, Marriott, Nike, Subway, Target, and Walmart. The total value of offered gift cards has been estimated at $38 million, according to Gemini Advisory.

The seller put the data up for auction with a starting price of $10,000 and a buy-now price of $20,000, and within days it was sold to another threat actor. Soon after, the same seller put up for sale another database containing 330,000 credit and debit cards. The data included the payment card number, expiration date, and bank name, but did not include the CVV or cardholder name. This time the auction started at $5,000, with a buy-now price of $20,000, and the data was also sold within days.

The researchers believe that both databases likely came from a breach of the now-defunct online gift card shop Cardpool.com that occurred between February 4, 2019 and August 4, 2019.

Gemini Advisory also pointed out that both sets of cards were offered at prices far below the typical price for payment and gift cards: roughly 0.05% of the card value, whereas compromised gift cards usually sell for 10% of the card value. This means that the threat actor may have exaggerated the total value of the gift cards to boost sales, or that the gift card validity rate was likely lower, meaning that a significant portion of them were inactive or had a low balance.

According to the researchers, the hacker selling both sets of cards is a prolific Russian-speaking actor who has been active on top-tier and mid-tier dark web forums since 2010. The hacker’s previous offerings included large collections of stolen payment card data, databases, and personally identifiable information (PII) of U.S. residents.
