Underground carding marketplaces like B1ack Stash play a crucial role in cybercrime, facilitating the sale and purchase of stolen payment card data.

This giveaway included sensitive information such as cardholder names, addresses, dates of birth, email addresses, and crucial security details like expiration dates and CVV2 codes.

The leaked data encompasses a wide range of sensitive information, including the Primary Account Number (PAN), expiration dates, CVV2 codes, and personal details of cardholders.

E-skimming remains a significant threat to e-commerce and credit card holders, highlighting the ongoing vulnerabilities in online transactions.

Financial experts recommend that credit card holders regularly check their bank statements for any suspicious activity as a precaution against potential fraud.

The stolen cards were categorized by type—credit or debit—and indexed by issuing bank and country, complete with magnetic stripe data that could facilitate cloning.

The announcement of this leak was made on a cybercrime forum, where the marketplace administrator initially claimed to release 4 million cards but ultimately provided 1,018,014 unique cards organized into six archives.

This method of distributing stolen cards is not unprecedented; similar tactics have been employed by other criminal enterprises, including past promotions by the BidenCash credit card site.

On February 19, 2025, the notorious carding website B1ack Stash made headlines by releasing over 1 million unique stolen credit and debit cards for free, raising significant security concerns among experts.

Following this free distribution, it is anticipated that additional stolen cards will be sold at approximately $25 each, a strategy aimed at boosting user engagement on the B1ack Stash forum.

Experts believe the data was likely obtained through web skimming techniques, where malicious JavaScript is inserted into e-commerce payment pages to capture user information in real-time.

In light of these developments, banking institutions are advised to monitor the dark web for credit and debit card offerings to prevent potential fraud.