Hackers have released a database that allegedly contains account details of over 4 million Bank of America customers. The leaked data contains sensitive information such as account balances and card CVV codes.
On March 2, on a popular hacker forum, cybercriminals published a database allegedly from Bank of America that contains information on 4 million customer accounts.
The hackers claimed that the database was obtained in January 2023 but have not revealed further information regarding the origin of the breach or how they managed to get their hands on the data.
They claim that the breach affects over 4 million customers and contains account information such as:
The database was uploaded on a popular hacker forum for anyone to download for free. We have analyzed the allegedly leaked data, and it does indeed seem to contain what it’s claimed by the hackers.
We believe security online security matters and its our mission to make it a safer place.
However, we cannot determine the authenticity of the data and the leak, as the data contains no email addresses or phone numbers. While this prevents us – or anyone else – from authenticating the leak, it’s good news for potentially affected users, as without this data, the leak the rather “useless” for cybercriminals.
However, and provided the breach and leak is legitimate, it’s not unlikely that the hackers simply opted not to release the more sensitive part of the data. They may decide to sell the complete database at a later date.
While revealing bank account balances, card expiration dates, and CVV codes are extremely serious, this information can still not be associated with any individual person or card.
The data only contains first names, fortunately making it impossible to determine the account holder’s identity.
Card expiry dates and CVV numbers on their own are – again, fortunately – also useless without the complete card number and the account holder’s full name.
As such, while this alleged leak does seem extremely serious, it may, fortunately, turn out to be “harmless” (relatively speaking) and is unlikely to affect account holders in any way.
Of course, this is provided in case there is no more data that simply wasn’t released by the hackers at this time.
As explained initially, it’s impossible to determine the authenticity of this alleged leak, as it’s impossible to reach out to the allegedly affected individuals.
We will update this story as more information emerges.