26 million card information is stolen from the dark site, benefiting users with fraudulent card information


Negative Space

Credit card and debit card information stolen by various means is traded by criminals on illegal dark sites . In October 2019, it turned out that a major black-and- white site ' BriansClub ' that buys and sells card information was hacked, and 26 million pieces of card information collected over the past four years were stolen. At first glance, it seems to cause a lot of damage, but this outflow is expected to benefit users whose card information has been stolen.

“BriansClub” Hack Rescues 26M Stolen Cards — Krebs on Security

Data for a whopping 26 million stolen payment cards leaked in hack of fraud bazaar | Ars Technica

BriansClub is a dark site created by imitating a site called '

KrebsOnSecurity ' run by security expert Brian Krebs , and Krebs seems to have known its existence before. It is unclear why BriansClub is creating a site similar to KrebsOnSecurity, and Krebs does not answer when he contacts the administrator.

In September 2019, a person under Krebs contacted me and sent me a plain text file claiming that it was a complete database stolen from BriansClub. As a result of reviewing by multiple people with expert knowledge, it became clear that the contents of the file were card information sold by BriansClub, and the testimony of the person who contacted Krebs was genuine.

The 26 million card information stolen from BriansClub has been collected and sold by BriansClub over the past four years since 2015. Analyzing the data sent to Mr. Krebs, BriansClub sold only 1.7 million card information in 2015, but in 2016 it was 2.89 million, 490 in 2017 It turns out that card information for 9.2 million cards was newly added in 2018. In addition, in the data for 2019, 7.6 million pieces of card information was added for 8 months from January to August.


Soumil Kumar

The card information sold on BriansClub is a string consisting of 1s and 0s, mainly called 'dumps'. Criminals can use the magnetic card dumped card information in the same way as the original credit card by encoding the purchased dump into a credit card size magnetic card. The exact number of 26 million copies that were usable at the time of article creation is unknown, but if only considering the card expiration date, more than 14 million copies may remain valid That there is.

Already stolen card information from BriansClub has been shared with multiple financial institutions and illegal trade monitoring organizations. As a result, financial institutions invalidate the cards that were leaked to the dark site, and authorized owners can exchange new cards, so this hack against BriansClub will benefit users and financial institutions is.

As security company Flashpoint told Krebs, BriansClub calculated based on the price at which card information is sold, the loss of BriansClub due to this hacking is equivalent to $ 414 million (about 44.7 billion yen) Then.

A company called Gemini Advisory, which monitors the buying and selling of stolen card information, keeps track of 87 million credit and debit cards that are sold on dark sites. Since 26 million pieces of card information was stolen from BriansClub this time, data equivalent to one-third of all card information sold on the dark site is excluded from circulation, so card information buying and selling on the dark site However, this hacking is expected to have a major impact.

by Pixabay

in Web Service,   Security, Posted by log1h_ik