Security & Fraud

White-Hat Hacker Swipes 26M Stolen Credit Cards From Dark Web

26M Credit Cards Swiped From ‘Dumping’ Site

Data from more than 26 million credit and debit cards was stolen from BriansClub, an underground marketplace for stolen credit card information, KrebsOnSecurity reported Tuesday (Oct. 15).

The hacked records were lifted from online portals as well as brick-and-mortar retailers over the past four years. The hacked info includes almost 8 million records added to BriansClub in 2019 alone.

KrebsOnSecurity was contacted in September by someone who said he had a “full database of cards” that were either currently for sale on BriansClub or had been in the past. The site mimics the website of journalist Brian Kreb.

“All of the card data stolen from BriansClub was shared with multiple sources who work closely with financial institutions to identify and monitor or reissue cards that show up for sale in the cybercrime underground,” the article said.

According to the leaked data, card information for sale on BriansClub showed a steady increase of inventory. In 2015, the website added 1.7 million card records for sale. By 2018, the site added data for 9.2 million cards.

BriansClub mostly offers “dumps” — an unauthorized digital copy of the information contained in the magnetic strip of an active credit card — that hackers use to buy high-ticket merchandise at big box stores.

It’s not clear if any of the 26 million-plus cards for sale at BriansClub are legitimate, but cards with future expiration dates tally over 14 million.

As an average baseline, each stolen credit card is valued at $500 when prosecuting cyber thieves.

Flashpoint, a New York City-based security intelligence firm, did an “extensive analysis of the database” and said stolen card information for sale on BriansClub tallies about $414 million.

Card dumping sites like BriansClub mostly resell cards stolen by other cybercriminals who earn a percentage from each sale.

Card skimmers today are largely invisible to the eye, but many contain wireless Bluetooth technology, making it easy for thieves to wirelessly download the stolen data. These skimmers can also connect to magnetic readers and keypads to swipe authenticating information like PINs and ZIP codes.



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.