Cyber theft experts say millions of credit cards exposed in breach being sold online

The compromised information from credit card breaches often ends up on dark web marketplaces, leaving victims at risk for having their precious information sold in a transaction that's entirely out of their control.

But, people often are clueless about whether their breached data ended up on the dark web. Many assume it did and, hopefully, go through the recommended steps to stay safe from cyber identity theft.

However,  cybersecurity experts from Gemini Advisory have evidence that details from millions of credit cards taken during a recent breach associated with Wawa, Inc., the Pennsylvania-based convenience store chain, are for sale at a dark web site called Joker's Stash.

What Did the Cybertheft Research Show?

The Joker's Stash marketplace regularly sells stolen personal data retrieved during data breaches. On January 27, 2020, the site started uploading content taken during a breach that Joker's Stash representatives referred to as BIGBADABOOM-III.

The cybersecurity analysts from Gemini Advisory determined that the data in this collection sold on Joker's Stash came directly from a December 2019 Wawa breach. Joker's Stash began advertising that the website would sell details from this breach before representatives began uploading it for purchase.

Initially, the information published by Joker's Stash claimed people could get geolocation data from across 40 states. However, the Gemini Advisory team determined that most of the geolocation information was likely falsified and that genuine data only came from six U.S. states.

Gemini Advisory clarified that because the Wawa data breach may have affected 850 stores and encompassed 30 million sets of payment records, it is one of the largest breaches of 2019 and all time. However, the cybersecurity company said that the first payment data sets offered for sale totaled a number closer to 100,000.

Although most of the details are from cardholders in the U.S., Gemini Advisory representatives found some content associated with credit card users from Europe, Asia and Latin America. Those people probably became victims while traveling in the U.S. and stopping at Wawa stores.

Information About the Wawa Breach

Statistics say that global credit card losses due to credit card fraud reached $27.85 billion in 2018, which was a 16.2 percent increase compared to the previous year. Brands must take preventative breaches against breaches. If a breach happens, they must remain as transparent as possible about the cyber theft.

On December 19, 2019, Wawa's CEO, Chris Gheysens, published a letter to customers that disclosed how the company discovered the breach on December 10 and had it contained two days later. The breach occurred due to malware on Wawa's payment processing servers and potentially affected credit cards used at Wawa locations between March 4, 2019, and December 12, 2019.

The issue affected both in-store terminals and those located at the chain's gas pumps. The compromised details included cardholder names and payment card numbers, but not the 3 or 4-digit security codes on the back of cards. Moreover, the breach did not impact any other personal details associated with customers.

Wawa notified law enforcement personnel about the breach and believes there are no further risks associated with paying by card for a transaction at any of its locations.

News to Draw Attention to Joker's Stash

Wawa distributed a press release on January 28, 2020, to inform customers it was aware of the news about the breached data being sold online. Gemini Advisory pointed out that Joker's Stash has a history of only adding records from large breaches to its marketplace after mainstream news breaks. The cybersecurity firm believes that approach is a tactic to cement the perception that Joker's Stash is the most well-known place to get compromised information.

Despite the cyber identity theft risks associated with data breaches, Gemini Advisory said that information from huge breaches like Wawa's is typically not in high demand on the dark web. That's presumably because cybersecurity researchers and the affected brands have publicized the issue and advised victims to take appropriate action, such as enrolling in identity theft monitoring and canceling their credit cards used at the breached locations.

How Can People Check For Details Sold at Joker's Stash?

There is so far no way for a worried individual to see if Joker's Stash is selling their details. Even if a person took the step of accessing the dark web site, it's unlikely they would be able to search for their names, card type or number afterward. The best approach for someone to take if they think the Wawa breach affected them is to cancel the card used and enroll in the free credit monitoring and identity theft protection Wawa offers.

Being the victim of a data breach is scary. But, taking prompt, decisive action can limit the negative consequences.

Image credit: Olleg / Shutterstock

Kayla Matthews is a senior writer at MakeUseOf and a freelance writer for Digital Trends. To read more from Kayla, visit her website productivitybytes.com.