A threat actor on a dark web forum claims to be selling access to a MySQL server belonging to a Pakistani company that develops CRM software for the US market. The data allegedly includes 1,000 active US credit card details and 1.4 million lines of personal information. The seller is withholding the company’s name to maintain access until the sale is completed. The seller states that access to the database will only be sold to a single buyer for $6,000.
Credit Card Section:
- Card number
- Expiration date
- Balance status (e.g., Past Due)
- APR (Annual Percentage Rate)
- Cardholder name
- Merchant ID
- Added by (user who uploaded the card)
Customer Section:
- First and last name
- Address (street, city, state, ZIP)
- Phone number
- Demographic info (income, length of residence, etc.)
- Birthdate
- Added by system
