Joker’s Stash Darknet Marketplace Offering Payment Cards Used at Franchise Restaurants
Joker’s Stash advertisement for the sale of ‘BlazingSun’ group of stolen cards (Source: Gemini Advisory)
The Joker’s Stash darknet marketplace has posted a fresh collection of 3 million credit cards that are likely related to a breach of the Dickey’s Barbecue Pit chain of franchised restaurants, according to Gemini Advisory.
The new collection, called “BlazingSun,” was posted Monday on the Joker’s Stash carding site, and Gemini Advisory says it confirmed the authenticity of the data before publishing its report Thursday.
The darknet marketplace had been advertising in recent weeks that the data from the Dickey’s Barbecue Pit breach would be posted soon, Gemini Advisory reports.
The data is from both track 1 and track 2 or cards, which can include the cardholder name, account number, expiration date and bank identification number. It apparently comes from cards used at restaurants in 30 states as well as some international locations, according to the report. The data appears to have been stolen between July 2019 and August. Joker’s Stash is now selling the information for a median price of $17 per card.
A spokesperson for Dickey’s Barbecue Pit tells Information Security Media Group that the company is aware of the report that card data is for sale and has contacted third-party security firms as well as the FBI to investigate.
“We are taking this incident very seriously and immediately initiated our response protocol and an investigation is underway. We are currently focused on determining the locations affected and time frames involved,” the spokesperson says.
More to Come?
Back in January, Joker’s Stash posted for sale 30 million payment cards related to a breach at the Wawa convenience store chain (see: Wawa’s Stolen Payment Cards Are Now for Sale).
“The marketplace advertised this [Wawa] breach as containing 30 million records, and as of this writing, it continues to add compromised cards,” according to the Gemini Advisory report this week. “Since the breach first appeared in January 2020 and continues to add records 10 months later, the BlazingSun [Dickey’s card listing] may follow a similar timeline of several months.”
The source of the breach data from Dickey’s Barbecue Pit restaurants is not known.
“Dickey’s operates on a franchise model, which often allows each location to dictate the type of point-of-sale device and processors that they utilize,” the report states. “However, given the widespread nature of the breach, the exposure may be linked to a breach of the single central processor, which was leveraged by over a quarter of all Dickey’s locations,” according to the report.<.p>
“Gemini sources have also determined that the payment transactions were processed via the outdated magstripe method, which is prone to malware attacks.”
Dickey’s Barbecue Pit oversees 469 restaurant franchise restaurants across 42 states. The Gemini Advisory report estimates that 156 of these locations in 30 states appear to have been compromised, with the highest exposure in California and Arizona, according to the report.
(Source: Gemini Advisory)
The Gemini Advisory report noted that Dickey’s Barbecue Pit sustained a ransomware attack in 2015, and the company ended up paying a $6,000 ransom. In 2018, the then-CEO wrote a blog post promising to update and improve the company’s security practices.
Other Stolen Data for Sale
Over the last several months, Joker’s Stash also has advertised a collection of nearly 400,000 payment cards issued by banks in the U.S. and South Korea for approximately $5 each, according to the security firm Group-IB (see: Joker’s Stash Sells Fresh US, South Korean Payment Cards ).