BriansClub
Briansclub is one of the Dark Web's largest carding stores, a marketplace that sells stolen payment-card data to criminals. It was hacked the second time in less than four years this week, and thieves siphoned off 26 million credit- and debit-card records from its database. The breach offers valuable intel for banks and card issuers that work to cut off fraudsters from stolen card information.
In a blog post, KrebsOnSecurity reporter Brian Krebs revealed links to files that claim to contain the stolen card records from the site's data center. The files have been verified to be the true-to-life Briansclub database by several experts. Krebs was able to contact the site administrator, who confirmed that the server where the data center was located had been hacked. The site owner also claimed that all stolen card data had been removed from Briansclub store inventories. But multiple sources have informed Krebs that the cards remain for sale on the site.
The data set includes details from a wide range of bricks-and-mortar retailers, and Krebs estimated that the total inventory of cards for sale is worth about $414 million at current black market rates. Most of what's for sale on the site are strings of data that can be encoded onto a plastic card with a magnetic stripe, making it possible to go on fake-card spending sprees.
Krebs' research revealed that the proprietor of the shady
BriansClub cm site regularly uploaded new batches of stolen card information, and he often re-uploaded previous batches as well. In 2015, the site added just 1.7 million cards for sale; in 2016, that number rose to 2.89 million; in 2017, it jumped to 4.9 million; and in 2018, BriansClub uploaded 9.2 million records.
The archive shows that the proprietor of the site also sold card data to other criminals known as resellers or affiliates, and he or she earned a percentage from each sale. A reseller or affiliate would typically purchase a batch of stolen card data from BriansClub and then use it to make purchases at other underground carding sites, such as Joker's Stash, Trump's Dumps, or BriansDump.