Security & Fraud

White-Hat Hacker Swipes 26M Stolen Credit Cards From Dark Web

26M Credit Cards Swiped From ‘Dumping’ Site

Data from more than 26 million credit and debit cards was stolen from BriansClub, an underground marketplace for stolen credit card information, KrebsOnSecurity reported Tuesday (Oct. 15).

The hacked records were lifted from online portals as well as brick-and-mortar retailers over the past four years. The hacked info includes almost 8 million records added to BriansClub in 2019 alone.

KrebsOnSecurity was contacted in September by someone who said he had a “full database of cards” that were either currently for sale on BriansClub or had been in the past. The site mimics the website of journalist Brian Kreb.

“All of the card data stolen from BriansClub was shared with multiple sources who work closely with financial institutions to identify and monitor or reissue cards that show up for sale in the cybercrime underground,” the article said.

According to the leaked data, card information for sale on BriansClub showed a steady increase of inventory. In 2015, the website added 1.7 million card records for sale. By 2018, the site added data for 9.2 million cards.

BriansClub mostly offers “dumps” — an unauthorized digital copy of the information contained in the magnetic strip of an active credit card — that hackers use to buy high-ticket merchandise at big box stores.

It’s not clear if any of the 26 million-plus cards for sale at BriansClub are legitimate, but cards with future expiration dates tally over 14 million.

As an average baseline, each stolen credit card is valued at $500 when prosecuting cyber thieves.

Flashpoint, a New York City-based security intelligence firm, did an “extensive analysis of the database” and said stolen card information for sale on BriansClub tallies about $414 million.

Card dumping sites like BriansClub mostly resell cards stolen by other cybercriminals who earn a percentage from each sale.

Card skimmers today are largely invisible to the eye, but many contain wireless Bluetooth technology, making it easy for thieves to wirelessly download the stolen data. These skimmers can also connect to magnetic readers and keypads to swipe authenticating information like PINs and ZIP codes.



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.