Marketplace Selling Stolen Credit Card Details Gets Hacked
Talk about a sweet slice of karma.
Reports are circulating that a website notorious for selling up to half a billion dollars worth of stolen credit card details has been hacked, according to a report from KrebsOnSecurity.
The website, BriansClub, was infamous as an underground store for stolen credentials and other nefarious data for purchase.
According to KrebsOnSecurity, “the data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.”
“The data stolen from BriansClub encompasses more than 26 million credit and debit card records.”
The author notes that the majority of products listed on the shop were ‘dumps’, “strings of ones and zero that - when encoded onto anything with a magnetic stripe the size of a credit card - can be used by thieves to purchase electronics, gift cards and other high-priced items at big box stores.”
The site has been incredibly active in the months leading up to the hack, with a reported 1.7 million cards listed in 2015, 2.89 million in 2016, 4.9 million in 2017 and 9.2 million in 2018; between January and August of this year, an additional 7.6 million cards were added to the database.
Estimates from Allison Nixon suggest that between the years of 2015 and August 2019, BriansClub had stolen credit card details of more than 9 million people, and earned its owner around $126 million. Nixon writes that “when people talk about ‘hacking back’, they’re talking about stuff like this. As long as our government is hacking into all these foreign government resources, they should be hacking into these carding sites as well. There’s a lot of attention being paid to this data now and people are remediating and working on it,” she said.
The report mentions that considering BriansClub had 26 million cards listed, this amounts to a total of $4 billion in “likely losses at the $500 average per loss card figure from the Justice Department.”
Ilia Kolochenko, founder and CEO of ImmuniWeb has made public comments on the hack, stating that “multiple people who reviewed the database shared by my source confirmed that the same credit card records also could be found in a more redacted form simply by searching the BriansClub website with a valid, properly-funded account.”
“All of the card data stolen from BriansClub was shared with multiple sources who worked closely with financial institutions to identify or monitor or reissue cards that show up for sale in the cybercrime underground,” he said.
“However, since the demand for stolen credit cards is on the rise, other vendors will undoubtedly attempt to capitalize on the disappearance of the top player.” Andrei Barysevich
Andrei Barysevich, co-founder and CEO at Gemini said that the hack is an extremely significant event, considering that his company tracks a total of 87 million credit and debit card records for sale across the cybercrime underground. “With over 78% of the illicit trade of stolen cards attributed to only a dozen of dark web markets, a breach of this magnitude will undoubtedly disturb the underground trade in the short term,” he said.
“However, since the demand for stolen credit cards is on the rise, other vendors will undoubtedly attempt to capitalize on the disappearance of the top player,” Barysevich said.
“The presumed value for law enforcement agencies, when the data about illicit traders becomes public, is likewise questionable given that most of the readers know how to use chained VPNs and proxies. With the upcoming introduction of dynamic CVV, credit card theft business will likely vaporize. However, criminals are already fully equipped to shift their attention to crypto wallets and other low-hanging fruits.” Kolochenko concluded.