Cybercrime , Fraud Management & Cybercrime , Fraud Risk Management

For Sale: 3 Million Cards Used at Dickey's Barbeque Pit

Joker's Stash Darknet Marketplace Offering Payment Cards Used at Franchise Restaurants
For Sale: 3 Million Cards Used at Dickey's Barbeque Pit
Joker's Stash advertisement for the sale of 'BlazingSun' group of stolen cards (Source: Gemini Advisory)

The Joker's Stash darknet marketplace has posted a fresh collection of 3 million credit cards that are likely related to a breach of the Dickey's Barbecue Pit chain of franchised restaurants, according to Gemini Advisory.

See Also: OnDemand | API Protection – The Strategy of Protecting Your APIs

The new collection, called "BlazingSun," was posted Monday on the Joker's Stash carding site, and Gemini Advisory says it confirmed the authenticity of the data before publishing its report Thursday.

The darknet marketplace had been advertising in recent weeks that the data from the Dickey's Barbecue Pit breach would be posted soon, Gemini Advisory reports.

The data is from both track 1 and track 2 or cards, which can include the cardholder name, account number, expiration date and bank identification number. It apparently comes from cards used at restaurants in 30 states as well as some international locations, according to the report. The data appears to have been stolen between July 2019 and August. Joker's Stash is now selling the information for a median price of $17 per card.

A spokesperson for Dickey's Barbecue Pit tells Information Security Media Group that the company is aware of the report that card data is for sale and has contacted third-party security firms as well as the FBI to investigate.

"We are taking this incident very seriously and immediately initiated our response protocol and an investigation is underway. We are currently focused on determining the locations affected and time frames involved," the spokesperson says.

More to Come?

Back in January, Joker’s Stash posted for sale 30 million payment cards related to a breach at the Wawa convenience store chain (see: Wawa's Stolen Payment Cards Are Now for Sale).

"The marketplace advertised this [Wawa] breach as containing 30 million records, and as of this writing, it continues to add compromised cards," according to the Gemini Advisory report this week. "Since the breach first appeared in January 2020 and continues to add records 10 months later, the BlazingSun [Dickey’s card listing] may follow a similar timeline of several months."

Security Shortcomings

The source of the breach data from Dickey's Barbecue Pit restaurants is not known.

"Dickey’s operates on a franchise model, which often allows each location to dictate the type of point-of-sale device and processors that they utilize," the report states. "However, given the widespread nature of the breach, the exposure may be linked to a breach of the single central processor, which was leveraged by over a quarter of all Dickey’s locations," according to the report.<.p>

"Gemini sources have also determined that the payment transactions were processed via the outdated magstripe method, which is prone to malware attacks."

Dickey’s Barbecue Pit oversees 469 restaurant franchise restaurants across 42 states. The Gemini Advisory report estimates that 156 of these locations in 30 states appear to have been compromised, with the highest exposure in California and Arizona, according to the report.

(Source: Gemini Advisory)

The Gemini Advisory report noted that Dickey’s Barbecue Pit sustained a ransomware attack in 2015, and the company ended up paying a $6,000 ransom. In 2018, the then-CEO wrote a blog post promising to update and improve the company's security practices.

Other Stolen Data for Sale

Over the last several months, Joker's Stash also has advertised a collection of nearly 400,000 payment cards issued by banks in the U.S. and South Korea for approximately $5 each, according to the security firm Group-IB (see: Joker's Stash Sells Fresh US, South Korean Payment Cards ).

About the Author

Chinmay Rautmare

Chinmay Rautmare

Senior Correspondent

Rautmare is senior correspondent on Information Security Media Group's Global News Desk. He previously worked with Reuters News, as a correspondent for the North America Headline News operations and reported on companies in the technology, media and telecom sectors. Before Reuters he put in a stint in broadcast journalism with a business channel, where he helped produced multimedia content and daily market shows. Rautmare is a keen follower of geo-political news and defense technology in his free time.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.