📖 Overview
A threat actor is advertising the sale of 10,500 U.S. credit card records. The dataset is claimed to have a 60%+ authorization success rate and 25%+ Address Verification System (AVS) approval rate. In addition to standard card fields (card number, expiration date, CVV, and cardholder details), around 3,000 entries reportedly also include associated email addresses and phone numbers.
📌 Key Details
- Victim Country: USA
- Industry: Unknown
- Threat Actor: cashmoneycard
- Network: openweb
- Category: Data Leak
- Severity: Low
- Records for Sale: 10,500
- Validity Claims: 60%+ authorization rate, 25%+ AVS approval
- Included Data: CC number, expiration date, CVV, cardholder name, billing address, city, state, ZIP, plus email and phone for ~3,000 entries
- Price Structure: Start $2,000 • Step $500 • Blitz $4,000 • PPS 12 hours
🔗 Claim Post (Plain Text)
Claim Post: Available on the Threat Feeds and Paid Subscriber blog posts.
📸 Screenshot Preview
🛡️ WhiteIntel.io Access Infostealers Check
This section is available exclusively for paid subscribers in the Ransomware/Threat Feed blog posts.
🧩 TTPs (MITRE ATT&CK Mapping)
- TA0009 – Collection: Harvesting and selling financial account data
- T1030 – Data Transfer Size Limits: Large-scale data dumps of payment card records
- TA0010 – Exfiltration: Underground distribution and monetization of stolen PII/financial data
- TA0040 – Impact: Fraudulent transactions, resale in carding markets, identity theft
👤 Threat Actor Profile: cashmoneycard
Summary
- Total Matches: 3
- First Seen: 2025-08-03
- Last Seen: 2025-08-20
- Data Start: 2024-10-02
- Countries: USA
- Industries: –
📊 Threat Actor Activity
| Date | Country | Sector / Industry | Type | Target / Data | Network |
|---|---|---|---|---|---|
| 2025-08-20 | USA | – | Data Leak | 10K U.S. credit card records | openweb |
| 2025-08-14 | USA | – | Data Leak | U.S. credit card dataset | openweb |
| 2025-08-03 | USA | – | Data Leak | U.S. credit card dataset | openweb |
🚨 Potential Risks
The sale of large-scale credit card datasets directly enables payment fraud, identity theft, and financial crime. With AVS-approved records included, attackers can bypass basic anti-fraud filters and commit unauthorized purchases. The presence of linked emails and phone numbers for thousands of entries increases the risk of phishing campaigns, account takeovers, and social engineering attempts targeting victims.
✅ Recommended Security Actions
- Notify impacted financial institutions and card issuers immediately
- Enforce real-time monitoring for fraudulent or abnormal card activity
- Reissue compromised cards and force PIN/CVV resets
- Implement stronger fraud detection measures (behavioral analytics, geolocation alerts)
- Educate customers about phishing and potential scams linked to leaked data
- Share relevant indicators with financial services ISACs for broader awareness
💡 Final Thoughts
Payment card leaks remain one of the most consistent offerings in underground markets, with recurring demand from fraud operators worldwide. While many datasets are inflated or partially fabricated, the risk is significant when AVS-approved and high-authorization-rate claims are made. Organizations in financial services must continue to invest in advanced fraud detection systems and rapid card reissuance workflows to minimize damage from these types of leaks.
![IOC Alert: Lumma Stealer C2 Domain Identified – larpfxs[.]top](/content/images/size/w1304/format/webp/2025/08/23985762398576198764252-1.jpg)
