Dickey’s Barbeque Pit customer payment cards for sale on Joker’s Stash dark web marketplace
A cache of three million stolen credit cards was posted on a dark web marketplace known as Joker’s Stash. The payment cards were stolen from Dickey’s Barbeque Pit restaurants in 30 states as well as some international locations.
The compromised credit cards were used at Dickey’s between July and August 2019. The exact attack vector exploited to steal the payment cards is still not known.
It was determined that the transaction info was stolen from locations that use magstrips to swipe customer payment cards according to cyber security researchers at Gemini Advisory. These are prone to malware attacks than other POS setups. Dickey’s Barbecue Pit was also hit by a ransomware attack in 2015.
“Gemini sources have also determined that the payment transactions were processed via the outdated magstripe method, which is prone to malware attacks.”
Dickey’s is a US-based franchise and each location is responsible for contracting for their own point-of-sale (POS) terminals and payment card processing services. There are 469 franchise restaurants in 42 states. The stolen credit cards appear to have been taken from about 156 locations across 30 states. California and Arizona are the states with the highest number of compromised locations.
The tranche of stolen payment cards was posted on the Joker’s Stash under the name “BLAZINGSUN.” Each payment card is listed for sale for about $17 USD each. There is often a delay of a few months before compromised payment cards are listed for sale on Joker’s Stash.
Credit Card Details Include:
The card data contains data from both track 1 and track 2. This includes the following.
- Cardholder name
- Account number
- Expiration date
- Bank identification number
Joker’s Stash Credit Cards Sales
In January of this year, Joker’s Stash posted stolen payment cards taken from a payment card skimming malware attack on Wawa convenience stores and fuel pumps in 2019. The malware infected every single one of WaWa’s 850 WaWa stores and fuel pumps and was quietly skimming payment cards for nine months before being detected. That tranche of stolen payment cards is named “BIG BADABOOM-III” by Joker’s Stash. The offering listed 100,000 payment cards. However, the cybercriminals continue to add more records to BIG BADABOOM-III.
Other Joekr’s Stash sales includes stolen payment information taken from Hy-Vee supermarkets, the Davinci breach, and more than one-million cards from banks in India.
It is likely that Joker’s Stash will continue to add more stolen credit cards to the BLAZINGSUN sale.
Dickey’s Barbeque Pit Stolen Credit Card – What Do I Do?
If you believe that you used a payment card at Dickey’s Barbeque, then it is best to safeguard your credit and your money as these cards are now for sale in the dark web. Don’t wait for a fraudulent charge to do something about it.
- Get an identity theft protection and credit monitoring service to help safeguard your money. This service will send you an alert if anyone opens a line of credit in your name.
- You may want to consider freezing your credit so no one can open up a new credit card or another line of credit in your name without taking extra steps to verify your identity
- Review all bank account and payment card statements to look for suspicious charges.
- Consider using a mobile wallet for payments rather than carrying a physical card. Read our FREE tutorials on mobile wallets.
- Get a copy of your credit report. You’re entitled to a free credit report each year from each one of the three major credit reporting bureaus. If you are active in the US military you may be entitled to free credit monitoring.