Hundreds of thousands of active credit cards have hit the web for free. The incident is aimed at promoting AllWorld.Cards, a new cybercriminals’ dark website for selling payment credentials online. Threat actors have allegedly stolen and leaked the one million cards for free to advertise the site to other cybercriminals and allow them to test the resources for free before eventually paying for the new service. Researchers at threat intelligence firm Cyble noticed the leak during routine monitoring of cybercrime and dark web marketplace, according to researchers.

Cyble released a post over the weekend detailing their findings. The cards were all stolen between 2018 and 2019, according to the advertisements. The leaked cards include information such as credit card numbers, expiration dates, CVV, name, country, state, city, address, ZIP code, emails, and phone numbers. This leaves the victims susceptible not only to financial theft, but to identity fraud, phishing, and social engineering.