- 66,400 Meezan Bank Debit Cards data hacked and dumped at Dark-Web for sale
- The Card data was being sold at $50/card
- Meezan Bank Neither Confirm nor deny the report
Meezan Bank is asking its customers to change their ATM PIN Codes after details of its 66,400 cards including their PIN codes appeared on Dark Web platform for sale.
Group-IB, a cybersecurity firm informed ZDnet, a cybersecurity news platform, that data of 66,400 cards Meezan Bank Cards was available for sale at Dark Web portal Jokers Stash. Group-IB also mentioned that majority of the Cards on the portal belong to Meezan Bank, Pakistan’s largest Islamic Bank.
The details of the Meezan bank card data first appears on Sunday 24th February, 2019. The data was on sold for $50/card.
Group IB have highlighted in past availability of Pakistani Banks data on the dark web portal Jokers Stash.
Since Sunday, Meezan Bank has been asking its customers to change PIN Code of its ATM Cards. In conversation with The Mint PK, Nida Amjad, an employee at local FMCG Company, narrates her ordeal: ” I went to Meezan Bank ATM on Sunday in need of cash. When I typed my PIN Code, a pop up appeared asking me to check my registered Mobile number for New PIN Code. I was surprised as this never happened before. When I input my new PIN Code, I was asked to contact Meezan Bank Call Centre for renewal of my PIN Code. I couldn’t withdraw cash at that time”
This scenario has been reported by numerous Meezan Bank Customers and verified by The Mint PK. Customers couldn’t withdraw cash from Meezan bank ATM’s without manually changing their PINs through
Sources from Meezan bank confirmed that Full Phone Banking Staff was deployed on duty on Weekend and additional desks were setup to entertain increasing calls
Meezan Bank neither Confirm nor deny the News. While management declined to comment when contacted.
How the Meezan Bank Card data can be used?
Experts believe that data of these cards can be used to create Clone Cards through which Cash can be withdrawn via ATM machines or it can be used for shopping transactions. Another way of using these hacked data is to make dummy companies with Point-of-Sale (POS) Card terminals which can be used to cash out the cloned cards.
Group-IB mentioned that “The Emerging markets banks frequently do not have adequate anti-fraud controls, making this attack type viable”.