An announcement about the sale of an archive of stolen data from 80,000 Halyk Bank credit cards appeared on the Darknet’s site Migalki.pw.
It should be noted that Halyk Bank of Kazakhstan is the first Bank in the country in terms of the number of clients and accumulated assets. This is not the first time for a Bank when data has been compromised.
The fact that the archive consists only of Halyk Bank cards suggests that the cards were stolen inside the structure.
Typically, identifiers of stolen cards are obtained using MitM attacks (Man in the middle). While the victim believes that he is working directly, for example, with the website of his Bank, the traffic passes through the smart host of the attacker, which thus receives all the data sent by the user (username, password, PIN, etc.).
It is possible that the archive is not real. This may be a bait for potential carders created by the Bank, the so-called honey pot. This trap for hackers creates an alleged vulnerability in the server which can attract the attention of attackers and inspire them to attack. And the honeypot will see how they work, write down the information and pass it to the cybersecurity department.
Although, such actions are risky for the image of a financial institution, as any Bank tries to avoid such negative publicity.
It is important to note that all data leaks from the Bank is the personal fault of the owners, managers of the Bank. In Russia and in Kazakhstan, in case of data leakage, the bank at best publishes a press release stating that “the situation is under control”. However, banks in the US and Europe in the same situation receive a huge fine.