This article was published on November 7, 2018

20,000 Pakistani debit card details surface on the dark web



On Tuesday, Pakistan’s Federal Investigation Agency (FIA) said that major banks in the country have suffered a cyber attack affecting more than 20,000 users.

“More than 100 cases (of cyber-attack) have been registered with the FIA and are under investigation. We have made several arrests in the case, including that of an international gang last month,” FIA’s director of cybercrime, Mohammad Shoaib, told Geo News.

His comments followed a report from Group-IB, a Moscow-based cyber security firm, which stated that a dump of data containing details of Pakistani debit cards was put up on the dark web for sale.

However, the State Bank of Pakistan (SBP) said that banks themselves were not hacked. It also advised banks to increase their scrutiny.

The issue began surfacing when Bank Islami detected a fraudulent transaction of Rs. 2.6 million ($20,000) on October 27. It then stopped its international transactions temporarily and informed the central bank.

A report released by the Pakistan Computer Emergency Response Team (PakCERT) details the timeline and scale of the data leaks. It also supported the SBP’s claim and said that the data was most likely leaked through card skimming.

Figure: Bank spread of 8k card data leak (Credit: PakCERT)

According to the report, the first dump appeared on the site JokerStash with the name “PAKISTANWORLD-EU-MIX-01,” containing over 11,000 records. More than 8,000 records were related to at least nine Pakistani banks.

Figure: The second data dump of 11,000 cards (Credit: PakCERT)

Later, on October 31, another dump with an additional 11,000 records from customers of 21 Pakistani banks appeared on the dark web. These cards were up for sale for anywhere between $100 and $160.

PakCERT says either some visitors to Pakistan performed the skimming or locals executed the plan with groups outside the country helping them. It urged banks to perform root cause analysis and plug security holes. 

The agency is also launching its own investigation to understand more aspects of the data leak.
