Stay updated with the latest Cybersecurity News on our TecnetBlog.

23,000 Mexican Bank Cards for Sale on the Dark Web

Written by Muriel de Juan Lara | Sep 3, 2025 1:00:00 PM

Financial cybersecurity is once again in the spotlight. A recent report revealed that 23,000 Mexican bank cards —both credit and debit— were put up for sale on a Russian dark web forum. Behind this operation is a cybercriminal known as Mexicnon, who is asking up to $100,000 for the full batch of data.

If you have a bank card, now is the time to pay close attention — your information could be circulating in illegal markets without your knowledge. At TecnetOne, we break down how this underground business works, the risks for victims, and what steps to take to protect yourself.

 

What Data Was Leaked — and Why Is It So Valuable?

 

The dataset contains everything a criminal needs to clone a card or commit financial fraud:

 

  1. Full card number

 

  1. Expiration date

 

  1. Security code (CVV)

 

  1. Cardholder’s name

 

  1. Physical address

 

  1. Phone number and email

 

With this information, criminals can make online purchases, apply for financial services, or even commit identity theft. The seller claims that 70% of the cards are still active, making them extremely appealing to other cybercriminals.

 

Who Is Mexicnon and What Is Carding?

 

According to intelligence from Dark Web Informer, Mexicnon is no amateur. Since late 2024, he’s been selling batches of both Mexican and U.S. cards, gaining credibility on underground forums.

His specialty is carding, the illegal trade of stolen credit card data. The market functions like a black-market e-commerce ecosystem:

 

  1. Data is stolen via malware, ATM hacks, online store breaches, or POS vulnerabilities.

 

  1. It’s sold on forums or marketplaces on the dark web.

 

  1. Buyers use it for fraud or resell it in smaller lots.

 

Payments are made in cryptocurrencies to avoid traceability.

 

Similar titles: PhantomCard: The NFC Trojan Threatening Bank Cards in Brazil

 

This Isn’t an Isolated Case

 

This case mirrors the tactics used by BidenCash, a notorious marketplace that from 2022 to 2025 distributed millions of stolen cards. At one point, they even gave away card data as a "marketing stunt" to attract buyers.

Even though BidenCash was taken down in June 2025 by U.S. and Dutch authorities, new actors like Mexicnon have taken their place — proving that carding is a growing global market that won’t disappear with just one crackdown.

 

Where Do These Data Come From?

 

Not all records are outdated. Some criminals use sniffers, programs that capture data from ATMs, payment terminals, or online stores in real time.

One cybercriminal in Mexico explained:

“They’re sniffed, dropping all the time. They come in every day from the sniffer.”

In other words, there's a constant stream of fresh card data reaching the dark web.

 

The Global Business of Carding

 

The stolen card trade works almost like a legitimate e-commerce site. In some forums, you can find:

 

  1. Cloned cards with PINs ready for ATM withdrawals

 

  1. Verified PayPal accounts with existing balances

 

  1. Fake Western Union transfers

 

  1. Full card listings from multiple countries — from $65 per record

 

Sellers even offer “guarantees” to buyers to ensure the data works. It’s a well-structured, professionalized market.

 

The Real Risk for Users

 

This isn’t just about unauthorized charges. With full details, a criminal can:

 

  1. Clone your physical card and withdraw money

 

  1. Shop online as if they were you

 

  1. Apply for loans or services using your identity

 

  1. Combine this with data from other leaks for advanced fraud

 

If your card is in this batch, you're risking your money, your financial reputation, and your credit history.

 

Also of interest: Amazon Gift Card Mailings Seek to Steal Microsoft Accounts

 

What Should You Do If You're a Victim?

 

At TecnetOne, we recommend the following steps:

 

  1. Monitor your bank transactions daily — not just at month’s end.

 

  1. Set up real-time alerts via your banking app.

 

  1. Immediately report any suspicious transactions. Most banks will reverse them if caught early.

 

  1. Request a new card if you suspect exposure.

 

  1. Change your passwords if your email or phone number is linked to bank or e-commerce accounts.

 

  1. Never share sensitive data via phone, email, or social media — even if the request seems legit.

 

What Should Companies Do?

 

While this breach mainly affects individuals, companies are also at risk:

 

  1. Fraudulent charges on corporate cards

 

  1. Reputational damage if a breach originated from your online store

 

  1. Legal penalties for failing to protect payment data

 

Firms must invest in security audits, payment encryption, and intrusion detection systems, and train staff on social engineering to avoid being the weak link.

 

The Role of Authorities

 

Mexico still faces challenges in cybercrime enforcement, but some agencies can help:

 

  1. CONDUSEF: Offers guidance for financial fraud victims

 

  1. INCIBE (Spain) and CERT-MX: Issue alerts and prevention tips

 

  1. Cyber Police Units: Receive reports and track criminal groups

 

International cooperation is key, as many operations are orchestrated abroad.

 

Conclusion: Prevention Is Your Best Defense

 

The sale of 23,000 Mexican bank cards on the dark web is just the tip of the iceberg in a global criminal enterprise. Carding is a well-established market fed by constant leaks and high demand for financial data.

Both users and businesses must accept that their data is always at risk. The smartest strategy is not hoping it won’t happen to you, but being ready to act fast when it does.

At TecnetOne, we remind you: cybersecurity isn’t a luxury — it’s a necessity. Stay alert, protect your information, and act quickly to prevent serious losses.
View full post