News

Hacking BriansClub Carder Website Leads to 26 Million Bank Card Data Leaks

The well-known information security journalist Brian Krebs reported about hacking BriansClub (BriansClub [.] At), a website where were bought and sold stolen bankcards, and a large data leak from there.

The data stolen from BriansClub contains more than 26 million records of credit and debit cards that fell into the hands of attackers through hacked online stores and retail outlets over the past four years. Nearly eight million records were uploaded only in 2019.

“The creators of BriansClub have been trolling me for quite some time: they use the face in their advertising banners, and a strange copyright message is posted in the “basement” of the site:“ © 2019 Crabs on Security ”, which clearly hints at Krebs’s personal blog – KrebsOnSecurity, – complained Brian Krebs.

Information about the dump containing data on 26 million bank cards, Krebs provided his own source, sending it in a simple text file format. Several people who studied this database at the request of a journalist confirmed that paid BriansClub members could find the same entries on the trading floor, but in a more edited form. According to Krebs, about 14 million cards from this dump can still be valid.

Brian Krebs

“All of the card data stolen from BriansClub was shared with multiple sources who work closely with financial institutions to identify and monitor or reissue cards that show up for sale in the cybercrime underground”, — reported Brian Krebs.

After investigating the leak, Krebs concluded that at the beginning of their activity, in 2015, BriansClub put up for sale 1.7 million cards, but the fraudsters business was developing rapidly: in 2016, 2.89 million stolen cards were uploaded to BriansClub, in 2017 about 4.9 million cards were added; and 2018 brought another 9.2 million. Between January and August 2019 (when, apparently, a dump was made), approximately 7.6 million more cards were added to BriansClub.

Read also: Europol called the main cyberthreats of 2019

According to Flashpoint’s analysis, BriansClub stored stolen bankcard information worth about $ 414 million, based on the price levels indicated on the site.

Between 2015 and 2019, about 9.1 million stolen cards were sold at BriansClub, which brought the resource about $ 126 million (all payments were made in cryptocurrency). Thus, potential losses could amount to up to 4 billion US dollars, if we rely on statistics from the US Department of Justice and assume that the average loss per bank card in such cases is about 500 US dollars.

The BriansClub operators that journalist contacted agreed to talk and said that the leak was due to a hack in the data center, as well as caustically asking Krebs not to worry, because all the stolen data had already been withdrawn from sale. Flashpoint experts conducted their own verification and claim that the attackers are cunning and that the leaked data was not deleted from the site.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.

Recent Posts

Remove News-bpudepi.today pop-up ads (Virus Removal Guide)

News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove Doguhtam.xyz pop-up ads (Virus Removal Guide)

Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove News-xlixoti pop-up ads (Virus Removal Guide)

News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…

1 day ago

Remove Ducesousightion pop-up ads (Virus Removal Guide)

Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove News-xlabica.live pop-up ads (Virus Removal Guide)

News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove Mergechain.co.in pop-up ads (Virus Removal Guide)

Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…

1 day ago