Gift cards worth $38 million sold on dark web


Amer Owaida, Security Writer at ESET, explains that gift cards, easy to redeem and hard to trace, remain a hot commodity in the criminal underground.

A cybercriminal has sold almost 900,000 gift cards and over 300,000 payment cards on a top-tier cybercrime forum on the dark web. The total value of the cards was claimed to be some US$38 million. The hacker probably gained access to the data by compromising the backend infrastructure of a gift card marketplace.

According to a report by fraud intelligence firm Gemini Advisory, the stolen cards originated from a 2019 breach of an online discount gift card marketplace that has since gone offline. “As the payment cards were stolen from a gift card store and both the payment cards and gift cards were sold by the same actor, Gemini assesses with moderate confidence that the gift cards offered for sale were also stolen during the breach of Cardpool.com,” the company said.

Since they’re easy to redeem and tough to track, gift cards are an increasingly popular target for fraud.

One of the company’s analysts observed offers to sell the cards in bulk on the Russian-language forum in February 2021. While the actors behind the sale didn’t reveal how they obtained the cards or what their origins were, they did disclose that the loot contained more than 3,000 brand-name gift cards from as many companies, including Airbnb, Amazon, Nike, Marriott, Walmart, and others. The threat actors set up an auction with the bidding starting at US$10,000 and a buy-now price of double the initial bidding price. The database was sold within a few moments of being posted.

Gemini Advisory pointed out that the gift cards sold for an unusually low amount: “Typically, compromised gift cards sell for 10% of the card value in the dark web; however, the 895,000 cards offered from the breach were priced at roughly 0.05% of the card value.” Although that may be chalked up to the hacker overstating the total value, it is more likely that the price accounts for the fact that a sizeable number of the cards either wouldn’t work or would have a low balance.

A mere day after selling the gift cards, the same cybercriminal offered to sell 330,000 payment and debit cards on the same online hacking forum. According to the posting, the information included the victims’ billing address and partial payment card data such as the card number, its expiration date, and the issuing bank’s name. However, the Card Verification Value (CVV) and the cardholder’s name were not included.

The initial bidding price was set at US$5,000, but the cards could be purchased outright for triple that amount. Although this database sold more slowly than the gift cards, it was still purchased by another party within a few days.

While unnamed, the hacker behind the breach is a known entity that has been active since 2010 and has been observed to offer payment card data, compromised databases, and the personally identifiable data of US residents.
