Card details stolen from British Airways and Newegg customers by Magecart operators went up for sale on the dark web in just over a week after the raids, potentially generating millions in revenue, according to new insight.
The fresh revelations come from a report from RiskIQ and Flashpoint detailing the activities of the various groups that have used the infamous digital skimming code over the past couple of years.
In the report, “Group 6” is pegged for the BA and Newegg attacks, described as “extremely selective” and only choosing victim organizations where a high-volume of traffic and transactions are guaranteed.
In the report, the researchers show screenshots from one of the most popular “dump shops” on the dark web.
Dated September 13, the BA-linked advertiser claims to have “CVV2 DUMPS UPDATE (HIGH VALID)” with a huge range of countries listed including the UK, US, Germany, France, Spain, Italy, Canada etc.
The Newegg ad is listed for the 27th of the same month and offers a “BIG CVV2 UPDATE” of around 500,000 cards.
Reports suggest the details were on sale for between $9-50, which means those behind the digital skimming campaigns may have been able to net tens of millions of dollars.
However, BA is still insisting that there’s not been any verified instance of fraud as a result of the incident.
Customers should not wait around to find out, according to ESET UK cybersecurity expert, Jake Moore.
“If your data was included in this breach and if you haven’t already, you’ll need to take action to protect yourself. Call your bank or card issuer, cancel the card and request a new card. No bank will ever mind being contacted for you being cautious,” he advised.
“You’ll also want to check your card statements for suspicious activity or purchases online — in particular small amounts just in case they are testing your card before a larger transaction is placed online. It also might be worth adding extra fraud alert security on your account. And it goes without saying, make sure all your passwords are unique online.”