The company detected a database containing over 460,000 payment card records uploaded to one of the most popular darknet cardshops on February 5.
Over 98 per cent of the records were from the biggest Indian banks, Group-IB said on Friday.
This is the second major upload of payment records related to Indian cardholders registered by Group-IB in the past several months. The first one was reported by the company last October.
The underground market value of the database is estimated at more than $4.2 million. The source of this batch currently remains unknown, the company said, adding that it immediately informed the Indian Computer Emergency Response Team (CERT-In) about the sale of the payment records.
The database exposed card numbers, expiration dates, CVV/CVC codes and some additional information such as cardholders' full name, as well as their emails, phone numbers and addresses, security researchers from Group-IB found.
"Such type of data is likely to have been compromised online -- with the use of phishing, malware, or JS-sniffers - while in the previous case, we dealt with card dumps (the information contained in the card magnetic stripe), which can be stolen through the compromise of offline POS terminals, for example," the company said.
Earlier, on October 28, 2019, the Group-IB Threat Intelligence team detected a huge database holding more than 1.3 million credit and debit card records of mostly Indian banks' customers uploaded to Joker's Stash.
Group-IB experts determined that the underground market value of the database was estimated at more than $130 million.