Maze ransomware operators have published credit card data stolen from the Bank of Costa Rica (BCR). They threaten to leak similar files every week. The hackers are doing this in support of their claim to have breached BCR in the past and the bank’s denial of these intrusions.
Valid numbers inside
In a post on their “leak” site this week, Maze operators shared a 2GB spreadsheet with payment card numbers from customers of Banco de Costa Rica.
The attackers say that they released the data because they are not looking to make any profit off it. Instead, they want to draw attention to the bank’s security lapses when it comes to protecting sensitive information.
Several screenshots from the database accompany the announcement, showing unencrypted credit card numbers. Together, the images contain data for at least 50 cards (some are listed multiple times). Previously, they published over 100 partial numbers (last four digits removed) with expiration date and verification codes.
BleepingComputer checked several numbers with two online validation services and most of them passed the check. Bank identification number (BIN) details showed that they were Visa or MasterCard debit cards issued by BCR.
It should be noted that one of the card validation sites states that the validity of a number does not guarantee that it is also in use. However, the details were confirmed when verified on a second online checker.
On April 30, Maze ransomware operators claimed to have more than 11 million cards from BCR, with 4 million being unique and 140,000 belonging to “US citizens.”
Maze said that they first gained access to the bank’s network in August 2019 and again in February 2020, to check if security had improved.
They chose to exit without encrypting the systems the second time because it “was at least incorrect during the world pandemic” and “the possible damage was too high.” But they did not leave empty-handed.
