Pierluigi Paganini October 21, 2019

BriansClub, one of the biggest a dark web “carding store,” which specializes in the sale of stolen payment card data, has been hacked. 

Hackers have breached BriansClub (BriansClub[.]at), one of the biggest black market sites, that specializes in the sale of stolen credit card data. According to the security experts Brian Krebs, who first reported the data breach, the hackers stole data of more than 26 million payment cards.

Experts estimate the total number of stolen cards leaked from BriansClub represent almost 30 percent of the cards available on the black market.

““BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked.” reads the post published by Brian Krebs. “The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.”

Krebs reported that last month, a source shared with him, a file containing the full BriansClub database, the archive included cards currently available for sale and historically data.

The file contains details stolen from bricks-and-mortar retailers over the past four years, including nearly eight million records that were uploaded in 2019 alone.

People who reviewed the stolen data confirmed that the same credit card records could be found in a more redacted form by searching the BriansClub Web site using a valid and funded account.

Historical data in the archive show the rapid growth of the carding site, in 2015 the platform added just 1.7 million card records for sale, in 2016, 2.89 million stolen cards, 4.9 million cards in 2017; and 9.2 million in 2018. Between January and August 2019, BriansClub added approximately 7.6 million cards.

BriansClub acts as a broker of card data stolen by other cyber criminals, resellers or affiliates, who earn a fee from each sale.

BriansClub sold roughly 9.1 million stolen credit cards, allowing the site and its resellers to earn a total of $126 million in sales since 2015.

“There’s no easy way to tell how many of the 26 million or so cards for sale at BriansClub are still valid, but the closest approximation of that — how many unsold cards have expiration dates in the future — indicates more than 14 million of them could still be valid.” states Krebs.

According to a follow-up post published by Krebs, the administrator of BriansClub confirmed that the data center hosting his site had been hacked earlier in the year. The administrator claims that stolen data had been removed from BriansClub store inventories, but multiple sources confirmed they are still available for sale at BriansClub.

According to Krebs, the administrator of the Russian cybercrime forum Verified, BriansClub was hacked by “a fairly established ne’er-do-well who uses the nickname ‘MrGreen’ and runs a competing card shop by the same name.”

“The Verified site admin said MrGreen had been banned from the forum, and added that “sending anything to Krebs is the lowest of all lows” among accomplished and self-respecting cybercriminals. I’ll take that as a compliment.” concludes Krebs.

“That said, if the remainder of BriansClub’s competitors want to use me to take down the rest of the carding market, I’m totally fine with that.”

Pierluigi Paganini

(SecurityAffairs – BriansClub, carding)

[adrotate banner=”5″]

[adrotate banner=”13″]