Briansclub is an increasingly popular black market for stolen credit card data. Its owners regularly upload millions of stolen cards obtained through hacking online retailers or physical retailers for sale to cybercriminals. KrebsOnSecurity recently shared its analysis of brians club with several security firms, including Gemini Advisory which monitors several underground shops that sell these so-called “dumps.”Criminals that purchase garbage dumps use it to purchase goods online or in stores using fake magstripe data that resembles real ones and zeros.

Infiltrating Databases of Financial Institutions

Credit card theft can cause irreparable financial harm for both consumers and financial institutions alike, from unexpected charges and theft of items to identity fraud and potential identity theft. Victims may face unexpected bills for fraudulent activity while financial institutions must shoulder their share by both compensating victims as well as investing in greater security measures to safeguard customers and avoid future breaches.

Cybercriminals sell stolen card information through platforms known as “carding shops.” One notable carding shop on the dark web, Briansclub, gained notoriety for its vast trove of hacked data. The process for creating such marketplaces can involve various stages from infiltrating databases to exploiting vulnerabilities to committing fraud before selling data on the dark web – Briansclub was only one such website; and since threats continue to evolve constantly it requires consumers and financial institutions to remain vigilant at all times.

Once Briansclub receives stolen card data, it organizes and uploads it onto its website for potential buyers to search through. Visitors to Briansclub’s site can use search criteria like country of origin, credit limit, expiration date and other factors to find cards they want and assess the price accordingly based on variables like country, credit limit and expiration date – criminals can easily turn this market into lucrative opportunities with an average card record being valued at $500 each.

Briansclub also provides tools that aid criminals in further exploiting the data they have accumulated, including tools that check the validity of stolen credit card information before it is used for illicit transactions. Such tools lower the barriers to cybercrime by making participation easier – more people can engage without technical know-how being required.

KrebsOnSecurity recently shared the Briansclub database with Gemini Advisory, an advisory firm which monitors carding shops such as this one and others to detect when new data is added. Gemini found that over 26 million cards had been posted for sale on Briansclub alone – 21.6 million of which won’t expire until October of next year and allow carders to cash out their stashes without risk of detection by bank staff.

Exploiting Vulnerabilities in E-Commerce Platforms

Last month, an unscrupulous website that specialized in selling stolen credit card data was compromised and lost 26 million records to cybercriminals utilizing e-commerce platforms as platforms to steal payment details from customers.

KrebsOnSecurity, a blog that tracks security breaches and the dark web, was the first to report this news. Resellers — as known in the community — operate this site by stealing and selling card data from online and physical retailers to fund illicit activities; their breach affected hundreds of businesses, from small mom-and-pop shops to large retailers and restaurant chains.

Over the past four years, these resellers have uploaded more than 8 million card records to BriansClub – an underground carding marketplace site – worth approximately $500 each – the average loss per victim from federal hacking prosecutions.

These hackers have been targeting e-commerce platforms by exploiting vulnerabilities in their code to collect customer payment details, known as card-not-present fraud. It’s an increasingly prevalent form of credit card theft carried out through cyber criminals who exploit flaws either in website security or third-party applications like shipping services or payment processors.

As soon as criminals or hackers gain access to this data, they can use it in multiple ways – such as taking money directly out of bank accounts, purchasing goods and services on fake credit cards and going on spending sprees. KrebsOnSecurity reports that BriansClub’s hack will likely lead to widespread credit card fraud schemes.

KrebsOnSecurity estimates that 14 million of the 26 million cards sold by this seller remain valid, demonstrating how quickly this data could be exploited by criminals and emphasizing the need to monitor your accounts for suspicious activity and report suspicious accounts promptly. A strong password policy and continuous network monitoring with threat detection software may help keep you safer still.

Selling Sensitive Information on the Dark Web

Briansclub, an infamous online marketplace for stolen credit card data, has built its name among cybercriminals by constantly improving and expanding its offerings. Briansclub’s involvement in high-profile hacking and cybercrime incidents has also raised its profile among threat actors looking for counterfeit data purchases, decreasing risk factors associated with purchasing fake or outdated data from it.

KrebsOnSecurity recently obtained information showing that hundreds – perhaps even thousands – of stolen credit card records had been uploaded to Briansclub over the last four years and sold off by resellers who specialize in breaking into payment systems both virtual and physical. KrebsOnSecurity discovered that many resellers then resold this card information back to Briansclub owner Briansclub who then sold it further to buyers across multiple platforms.

Criminals then used these card records for various crimes, such as credit-card fraud and identity theft, phishing/vhishing attacks and fraudulent online order placement. Briansclub card records contain 26 million stolen credit and debit card records that had previously been taken from both online and retail sources; an estimate value for these cards at this writing stands at $414 Million based on price tiers listed within Briansclub store.

Briansclub card data sets are currently unavailable due to a cyberattack which forced its owner to re-encrypt stored information. KrebsOnSecurity is working with Gemini Advisory in order to ascertain when this site resumes operation and how much of breached data will become available for sale.

Gemini, based out of New York, oversees most underground shops that sell stolen credit card records. The firm receives regular updates from these shops about newly added cards to their inventory as well as monitoring how many records have been bought by individuals.

Data released by this breach is far from comprehensive, but enough for investigators to establish an approximate list of resellers and buyers who supplied card records to this breach. With this knowledge in hand, investigators may identify the hackers or criminals involved and pursue prosecution against them for various cybercrimes.

Using Sophisticated Network of Hackers and Cybercriminals

Cybercriminal networks have stolen 26 million credit card records from Briansclub, an underground “carding” store specialising in selling stolen credit cards and payment details, in one single breach. This incident could have serious repercussions for individuals as well as financial institutions alike.

KrebsOnSecurity was given access to a plain text file containing this hacked data set by someone claiming they have access to it, purporting to contain credit and debit card account numbers stolen over four years from both physical stores and online retailers. According to estimates, over 21.6 million of these cards do not expire until October 2019 giving criminal buyers ample time to cash them in. KrebsOnSecurity received this file from this source who claims they have access.

This Briansclub hack exemplifies just how complex and sophisticated modern cybercrime has become, as hackers and criminals employ various means to penetrate various sources and extract the desired data without leaving a trace – such as through phishing scams, malware injections, skimming devices or other techniques – without leaving a footprint behind them. Once they obtain information they use it to commit various types of fraud including credit card theft or identity theft.

As soon as they collect stolen data, cybercriminals typically turn it into cash by offering it up for sale on the dark web through clandestine platforms known as carding sites that operate under Tor network. One carding site even features its name alongside that of a well-known security blogger in its title and even features graphics showcasing his image across its storefront.

Carding sites often host stolen information, but Briansclub stands out due to its enormous and valuable data set – estimated by security intelligence firm Flashpoint as having more than $414 million total value.

The theft of briansclub cm records has highlighted how difficult it is for law enforcement agencies to effectively shut down and prosecute criminal operations. But thanks to a concerted international effort, Briansclub data sales have been disrupted, sending a clear message that this kind of illegal activity will not be tolerated.