BriansClub.cm card black market hacked, card data reported to banks
Learn More
One of the largest underground marketplaces for purchasing stolen credit card data, known as "BriansClub," fell victim to a hacking incident. This cyberattack resulted in the exposure of a vast cache of data, including over 26 million credit and debit card records, which had been collected from compromised online and brick-and-mortar retailers over a four-year period. Nearly eight million of these records were added to the marketplace in 2019 alone.
An advertisement for BriansClub had been exploiting the identity and likeness of the author of the article, KrebsOnSecurity, to promote the sale of millions of these stolen credit cards. This illicit marketplace had even gone so far as to mimic the appearance and copyright notice of the author's own website, using the name "Crabs on Security." Last month, an anonymous source contacted KrebsOnSecurity and shared a plaintext file claiming to contain the entire database of cards available for purchase, both presently and historically, on BriansClub.
Further investigation revealed that the same credit card records found in the shared database could also be located in a more redacted form by simply searching the BriansClub website with a valid, properly-funded account.
The stolen card data from BriansClub had been disseminated to various sources collaborating closely with financial institutions to identify, monitor, or reissue cards that appeared for sale within the cybercriminal underground. A closer examination of the breached data uncovered a progressive increase in the number of card records offered for sale by BriansClub over the years, from 1.7 million in 2015 to 9.2 million in 2018.
The primary offerings on BriansClub consisted of "dumps," which are encoded strings of ones and zeros that, when transferred onto a medium with a magnetic stripe similar to a credit card's, can be employed by thieves to make purchases, including high-value items like electronics and gift cards at major retail stores.
In terms of the value of the stolen cards, an in-depth analysis of the database indicated that BriansClub held approximately $414 million worth of stolen credit cards for sale, based on the pricing structure displayed on the site. BriansClub managed to sell around 9.1 million stolen credit cards, generating $126 million in sales—all conducted in bitcoin.
The potential financial losses associated with this breach could be astronomical, as even just the confirmed 9.1 million cards sold through BriansClub could result in over $4 billion in likely losses, assuming an average loss of $500 per compromised cardholder, a figure often used for sentencing purposes in federal hacking prosecutions involving stolen credit cards.
While it's difficult to ascertain how many of the 26 million cards offered on BriansClub remain valid, it is estimated that over 14 million of them could still be active based on the presence of future expiration dates in the data. The leaked archive also revealed that the operators of BriansClub frequently uploaded new batches of stolen cards, some numbering just a few thousand records and others reaching tens of thousands. This practice aligns with the modus operandi of many carding sites, as BriansClub primarily resold cards pilfered by other cybercriminals, referred to as resellers or affiliates, who earned a share of each sale. The specific revenue-sharing arrangements in this case have yet to be elucidated but could potentially come to light in future analyses of the stolen database.
