Authorities and companies in South Korea should be scrambling by now to track down a major card breach after the details of more than one million payment cards have been put up for sale online over the past two months.
Details for 890,000 and 230,000 payment cards were put up for sale on a hacking forum in July and June, respectively, cyber-security researchers from Gemini Advisory have told ZDNet today.
Source of the breach unidentified
The source of these payment card details has not yet been identified, researchers said. Because the card records contained only CP (Card Present) details, web-based skimmers (Magecart scripts) installed on online stores are automatically ruled out.
Possible sources from which crooks may have obtained the card records include (1) malware installed on Point-of-Sale (PoS) systems at stores or restaurants; (2) a breach at a bank, payment provider, or PoS company; or (3) card skimmer devices installed on ATMs or PoS terminals.
However, because EMV cards are widely adopted in South Korea, the third source seems very unlikely.
Cards from South Korea and APAC countries are in high demand
The Gemini team also points out that there was a high demand for South Korean card data on cybercrime forums before this recent dump, which might have prompted cybercrime groups to go after South Korean targets, indirectly causing the current breach.
This high demand also explains why crooks are selling this payment card dump at a higher price than before.
"The median price per record from this spike is $40 USD, which is significantly higher than the median price of South Korean CP records across the dark web overall,