Credit Card Scam Revealed Briansclub Data Breach Revealed

Hackers recently broke into BriansClub, one of the largest underground carding marketplaces offering 26 million stolen card records for sale. Hackers were reported to have stolen 26 million cards that were both for sale and not for sale at brians club, a black market site similar to Krebs on Security.

How It Worked

Briansclub cm Dealer account hackers have caused great harm to innocent individuals around the globe. While their actions may or may not have been undertaken solely, with reports suggesting ties to organized crime groups. What is certain, however, is that these sophisticated criminal hackers were acting with criminal intent, stealing thousands of credit card records for sale on black markets worldwide and pocketing the proceeds as profit for themselves – those responsible must be caught and brought to justice immediately.

The illicit market for stolen financial data is an attractive proposition to cybercriminals of various stripes. Here, illegally acquired information is used for various types of fraudulent schemes which cause financial loss and emotional anguish to victims, with BriansClub being one of the main destinations for illicit commerce in this space.

As its ubiquitous presence in the dark web is evidence of its many attractive features for threat actors, its widespread adoption can only be explained as such. Notably, it offers an abundance of high-quality stolen financial data which makes it an attractive option for those searching for credit cards, bank accounts and other valuables to sell or buy.

BriansClub also regularly uploads new batches of stolen data, keeping their inventory fresh and appealing to more buyers. Their high reputation within underground networks also reduces any risk that threat actors might encounter when purchasing fake or invalid data from BriansClub.

BriansClub stands out as a site with an impeccable record in high-profile breaches and cybercrime events, earning it credibility among its target audience and creating a sense of legitimacy and trust among visitors to the site.

KrebsOnSecurity was recently provided with a file claiming to be the full database of cards currently for sale on BriansClub, and upon reviewing it verified it found that more than 26 million stolen credit card records have been uploaded over four years – a substantial jump from 2015 when only 1.7 million records were uploaded onto their marketplace. Most of these stolen cards are “dumps,” strings of ones and zeroes that can be encoded onto items with magnetic strips of credit card size to make fraudulent purchases.

What We Learned

The Briansclub cm hacking scandal serves as a stark reminder that cybercriminals are constantly looking for vulnerabilities in digital systems to exploit, making it ever more important that both individuals and businesses prioritize cybersecurity measures such as strong passwords, two-factor authentication and regular software updates.

This breach impacted thousands of individuals, many of whom were unaware that their accounts had been compromised and may still be at risk of fraud or identity theft. It serves as a stark reminder of the importance of remaining current with cybersecurity measures by updating passwords regularly and using strong, complex passwords combining letters, numbers and special characters.

No exact estimate exists of how much credit card data was stolen from BriansClub; however, the breach is significant due to its length and scope. Most other underground “carding” shops only offer stolen cards from specific retailers or targets; BriansClub offered data from many retail and online banks across a wide variety of retailers and sectors.

KrebsOnSecurity reported that the compromised database contained over 26 million credit and debit card records, many with expiration dates in the future – making them potentially valuable assets to criminals who purchase this type of data from these websites.

KrebsOnSecurity was recently approached by an anonymous source with a file that purported to contain all the BriansClub data for sale. Unfortunately, BriansClub is run by fraudsters who use my name and image in their thriving fraud bazaar without my permission – even going so far as claiming ownership by linking back to this article in their web copyright claim.

BriansClub ultimately closed in 2019 and its proprietors were arrested, dealing a significant blow to the underground carding community and signaling law enforcement’s intent on aggressively prosecuting those who violate privacy laws and traffic in stolen credit card data.

KrebsOnSecurity was able to verify that most of the data breached was recoverable. This should serve as an important lesson when it comes to breaches involving sensitive personal information that are compromised, like this one.

Conclusions

KrebsOnSecurity was recently provided with access to nearly 10 GB worth of stolen credit card data from Briansclub cm, an underground “carding” store which has been using security blogger Brian Krebs as part of their advertising since 2015. This data includes over 26 Million credit and debit card records stolen from hundreds of hacked online and brick-and-mortar stores over four years.

Once stolen cards fall into cybercriminal hands, they’re used for illegal purchases known as “carding”, an illegitimate digital pickpocketing method which involves breaching point-of-sale systems at retail stores or using devices known as skimmer to steal online card data and sell or trade the data illegally on black markets.

The data dump reveals that Briansclub’s proprietor(s) uploaded large batches of stolen credit card records – often hundreds or even thousands at once – onto its website for sale to criminals, with far greater demand than anticipated by these sellers. Although we can never know for certain which of those sold cards were actually used to commit carding crimes, given how readily available they were on Briansclub.

Briansclub stands out from similar online marketplaces by accepting payment in cryptocurrency like Bitcoin, making it more difficult for law enforcement to track sellers and buyers. It’s an indicator of cybercrime’s rapidly increasing sophistication; cybercriminals continue to find innovative methods of stealing, processing, and exploiting personal data.

Though much of the card data for sale on underground carding markets is outdated and invalid, some still works. That is because hackers or “resellers” who purchase stolen card data from Briansclub can often use it to purchase electronics, clothing and gift cards at big box stores before the cardholder realizes their numbers have been compromised.

Consumers and financial institutions face an ever-evolving threat landscape, so it is wise to remember that even the best security technologies may be compromised by determined criminals. Anyone contemplating buying or selling stolen card data must carefully weigh all associated risks before doing so as it is illegal.

Recommendations

The Briansclub cm dealer account hack demonstrated how hackers are gaining access to credit card data and using it for fraudulent transactions or selling it underground markets. Hackers do this by gaining login credentials via phishing scams that lure people to visit fake websites or services containing malware; once in, they log onto user accounts to steal credit card numbers and expiration dates before selling stolen cards for high prices at dark web markets like BriansClub.

This marketplace serves as a haven for stolen financial data, offering Dumps, CVV2 codes, and Fullz data sets that facilitate various fraud-related activities online. Operating across both surface and Tor networks, the platform enables criminals to buy and sell using various currencies like USDT, Litecoin Dash Monero Bitcoin. Its widespread presence within the dark web demonstrates its multidimensional appeal – something which contributes to its global black market status.

As it can be challenging to accurately calculate the value of stolen credit cards available on BriansClub, a security intelligence firm conducted an exhaustive analysis. They discovered that just in terms of pricing tiers alone, it would take approximately $414 million in sales for all records currently offered – adding additional cards with future expiration dates which account for 14 million cards could increase even further its total worth.

Stolen card numbers make their way into these underground markets in various ways, from point-of-sale breaches at brick-and-mortar stores to cyberattacks on websites accepting credit and debit cards. Once in criminal hands, this data could be used either for card present fraud or card not present fraud – where hackers make unauthorise purchases at physical locations using compromised card data; or online theft using compromised information for online payments via compromised cards.

KrebsOnSecurity was approached in September by someone claiming they had access to stolen card data from briansclub cm marketplace, which has been operating since 2015 on both the surface web and dark web, taking its name from cybersecurity journalist Brian Krebs and using his likeness as its logo.

 

Related Articles

Leave a Reply

Back to top button