BidenCash Card Shop $

10995668265?profile=RESIZE_400xThe notorious carding marketplace BidenCash recently released information on more than 2.1 million credit and debit cards.  The criminal site uses the president’s name and photo to trade in stolen data.  Carding marketplaces, also referred to as card shops, are cybercrime websites that facilitate the trading and unauthorized use of stolen payment card details.  The site active for less than a year, BidenCash has quickly become one of the top carding marketplaces, making a name for itself by releasing the details of hundreds of thousands of cards in June 2022.  In October 2022, it released the details of more than 1.2 million stolen cards, for free.[1]

The new data dump, the largest associated with the illicit portal so far, is meant to attract new customers, especially since most of the released cards are approaching expiration.

Records     Country

965,846       UNITED STATES

97,665        MEXICO

97,003        CHINA

86,313        UNITED KINGDOM

36,906        CANADA

36,672        INDIA

23,009        ITALY

22,798        SOUTH AFRICA

21,361        AUSTRALIA

19,700        BRAZIL

Most records leaked by country (Cyble)

It is estimated that 70% of the leaked cards expire in 2023, cyber threat investigators reported.  They also note that half of the cards belong to US-based people or entities.  According to threat intelligence provider Cyble, the dump contains more than 740,000 credit cards and over 810,000 debit cards, as well as roughly 300 charge cards. Some of the cards expire in 2052, the company says.   The cards were released on a top-tier Russian-speaking dark web forum and included card numbers and expiration dates, CVV numbers, and bank names.

In the leak, BidenCash also included the personally identifiable information (PII) of the victims, such as names, addresses, email addresses, and phone numbers.


While the release of expired or about-to-expire cards might not seem too much of a threat, cybercriminals are known to purchase such information as means of gathering information on their potential victims. The presence of email addresses and full information (commonly referred to as ‘Fullz’ by cybercriminals) will make the victims of this leak vulnerable to other attacks, such as phishing, identity theft, and scams, long past the expiration of their card details.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or             

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www. redskyalliance. org/   
  • Website: https://www. wapacklabs. com/  
  • LinkedIn: https://www. linkedin. com/company/64265941   

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings


E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!