Hacking BriansClub Carder Website Leads to 26 Million Bank Card Data Leaks

The well-known information security journalist Brian Krebs reported about hacking BriansClub (BriansClub [.] At), a website where were bought and sold stolen bankcards, and a large data leak from there.

“The creators of BriansClub have been trolling me for quite some time: they use the face in their advertising banners, and a strange copyright message is posted in the “basement” of the site:“ © 2019 Crabs on Security ”, which clearly hints at Krebs’s personal blog – KrebsOnSecurity, – complained Brian Krebs.

Information about the dump containing data on 26 million bank cards, Krebs provided his own source, sending it in a simple text file format. Several people who studied this database at the request of a journalist confirmed that paid BriansClub members could find the same entries on the trading floor, but in a more edited form. According to Krebs, about 14 million cards from this dump can still be valid.

“All of the card data stolen from BriansClub was shared with multiple sources who work closely with financial institutions to identify and monitor or reissue cards that show up for sale in the cybercrime underground”, — reported Brian Krebs.

After investigating the leak, Krebs concluded that at the beginning of their activity, in 2015, BriansClub put up for sale 1.7 million cards, but the fraudsters business was developing rapidly: in 2016, 2.89 million stolen cards were uploaded to BriansClub, in 2017 about 4.9 million cards were added; and 2018 brought another 9.2 million. Between January and August 2019 (when, apparently, a dump was made), approximately 7.6 million more cards were added to BriansClub.

Read also: Europol called the main cyberthreats of 2019

According to Flashpoint’s analysis, BriansClub stored stolen bankcard information worth about $ 414 million, based on the price levels indicated on the site.

Between 2015 and 2019, about 9.1 million stolen cards were sold at BriansClub, which brought the resource about $ 126 million (all payments were made in cryptocurrency). Thus, potential losses could amount to up to 4 billion US dollars, if we rely on statistics from the US Department of Justice and assume that the average loss per bank card in such cases is about 500 US dollars.