Virtual Visa Cards Leaked In A Recent Incident
➤Summary
6k Full Credit Card details posted online along with users’ data
On October 21, 2022 Kaduu Team has discovered a database belonging to a virtual Visa credit cards provider. Recently we have already witnessed a 1.2M credit cards data breach that has been shared by threat actors as part of “marketing” campaign to promote their services.
The victim of the hacking incident this time is VCCZone. The idea of the service is simple: customers may buy pre-paid credit cards to use “anonymously” for various purposes, like paying for subscriptions, or conducting other payment operations. According to the leaked data we can assume that the company is very young and has started conducting business in 2022.
What data has been leaked?
The Kaduu Team has analysed breached database and here is a short resume of an incident. On October 20, 2022 the service has suffered a hacking attack, possibly due to a weak security configuration. During the intrusion hackers have obtained access to VCCZone’s database, that contained “users” and “cards” tables.
The following sensitive data of about 6k users is present in the original .sql file:
- User’s first and last name
- Credit card full number (not masked)
- Credit card expiry date
- CVV
- Physical address
- Password in hashed SHA1 format
- Password reset tokens
- Date and time of registration
We were saying it before and we’re saying again: no credit card data should be stored as-is in the databases.
At the time of writing this article, VCCZone hasn’t released any statements concerning this incident nor denied it.
Security of financial and credit card details is hard to be overestimated. We’re happy to deliver our readers fresh news on the matter, like this one. It’s important to stay up-to-date with any incidents happening in the darknet world.
And don’t become a victim of a data leak yourself. It can probably never be prevented completely. That’s why it’s even more important to keep an eye on the Darknet and Deepweb with our Darknet Monitoring Service.
Your data might already be exposed. Most companies find out too late. Let ’s change that. Trusted by 100+ security teams.
🚀Ask for a demo NOW →Q: What is dark web monitoring?
A: Dark web monitoring is the process of tracking your organization’s data on hidden networks to detect leaked or stolen information such as passwords, credentials, or sensitive files shared by cybercriminals.
Q: How does dark web monitoring work?
A: Dark web monitoring works by scanning hidden sites and forums in real time to detect mentions of your data, credentials, or company information before cybercriminals can exploit them.
Q: Why use dark web monitoring?
A: Because it alerts you early when your data appears on the dark web, helping prevent breaches, fraud, and reputational damage before they escalate.
Q: Who needs dark web monitoring services?
A: MSSP and any organization that handles sensitive data, valuable assets, or customer information from small businesses to large enterprises benefits from dark web monitoring.
Q: What does it mean if your information is on the dark web?
A: It means your personal or company data has been exposed or stolen and could be used for fraud, identity theft, or unauthorized access immediate action is needed to protect yourself.