Security News > 2021 > February > ‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered
ValidCC, a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week.
There are dozens of online shops that sell so-called "Card not present" payment card data stolen from e-commerce stores, but most source the data from other criminals.
In contrast, researchers say ValidCC was actively involved in hacking and pillaging hundreds of online merchants - seeding the sites with hidden card-skimming code that siphoned personal and financial information as customers went through the checkout process.
Group-IB said ValidCC was one of many cybercrime shops that stored some or all of its operational components at Media Land LLC, a major "Bulletproof hosting" provider that supports a vast array of phishing sites, cybercrime forums and malware download servers.
ValidCC's demise comes close on the heels of the shuttering of Joker's Stash, by some accounts the largest underground shop for selling stolen credit card and identity data.
Stas Alforov, Gemini's director of research and development, said other card shops will quickly move in to capture the customers and suppliers who frequented ValidCC. "There are still a bunch of other shops out there," Alforov said.