Late Monday evening, a new posting appeared on Joker’s Stash, which is believed to contain cards from the Wawa data breach. Joker’s Stash is a popular criminal market website for stolen payment card data, where card data is regularly dumped and released in batches for sale. The new batch announced on Joker’s Stash on Monday allegedly contains over 30 million payment cards named “BIGBADABOOM.” Joker’s Stash typically gives names to batches of stolen cards for sale that don’t directly relate to the source that the cards were stolen from. Fraud experts from Gemini Advisory have evaluated one of the batches that went up for sale and have stated that the cards appear to have been stolen in the Wawa breach announced in December.
Wawa has worked closely with payment card brands to help protect those effected by the breach. Customers who made purchases at Wawa during the period of the breach, March 4th through December 12th, should ensure that they also monitor activity on their accounts as well to defend against fraudulent transactions. So far only a small portion of the 30 million cards have been released. This is not unusual for criminal marketplaces, because releasing too many cards at once drives down the price of each card. Binary Defense analysts monitor criminal forums and marketplaces such as Joker’s Stash for any threat intelligence related to our clients or industry. More information on the dump of these cards can be found at https://krebsonsecurity.com/2020/01/wawa-breach-may-have-compromised-more-than-30-million-payment-cards/#more-50274