BrianClub Suffers Serious Hack Affecting Millions of Stolen Credit Cards
BrianClub, one of the most popular dark web stores known for the sales of stolen credit cards has undergone a serious data breach, affecting about 26 million stolen credit cards. According to a report, BrianClub has for the past 4 years uploaded millions of stolen credit card details from a number of online stores and payment systems.
Considering the fact that 78% of stolen credit card details are linked to a few dark web stores, this operation has been predicted to have a massive effect on the dark web market in the short term.
According to the report published by Krebsonsecurity, an unidentified source informed them in September 2019, on the data breach. As claimed by the report, the source shared a plain text of file containing a full database of the stolen credit card details currently being sold, as well as those that have been sold. From the records, it was obvious BrianClub has been successful in using the likeness of Brian Krebs to increase sales year after year.
In 2015, BrianClub uploaded a total of 1.7 million stolen credit card details on the dark web. The leaked data reveals that credit card was in high demand on the dark web, making BrianClub adjust the number of uploaded details to 2.89 million in 2016.
In 2017, 4.9 million were uploaded, and in 2018, closed to twice the number of cards uploaded in 2017 was made available for sale. The 9.2 million uploaded stolen cards in 2018 reveals how business was booming. Between January 2019 and August 2019, about 7.6 million credit cards were uploaded. It was reported that the database has been shared with multiple sources closed to financial institutions to monitor, identify and reissue the cards leaked online.
Krebsonsecurity reported that they contacted BrianClub through their support ticket and informed them that their stolen credit card details have been shared with the issuing banks, and he wrote the subject as “your site is hacked”.
Someone replied claiming he is the real Brian Crebs. He pointed out that the subject of the support ticket was supposed to be “data centre was hacked”. He then assured them that all the stolen credit cards affected by the data breach have been taken off sales, so there should not be any worries with the issuing bank.
According to Flashpoint, a security intelligence firm in New York, a spot check comparison between the stolen database and the cards being advertised on the BrianClub platform reveals that the leaked stolen credit card details have not been removed. Allison Nixon, the Director of Security Research of Flashpoint, pointed out that BrianClub has sold about 9.1 million stolen credit card details out of the many uploaded records from 2015 to August 2019. This has earned them about $126 million.
The total number of stolen credit card details uploaded on the site largely exceeds the number of buyers, which means a lot of the cards have already expired on the website. Flashpoint further stated that based on the prices listed on the site, BrianClub possesses about $414 million worth of stolen credit card details on the sale.
Nixon also stated that various governments should make it a priority to hack into criminal websites that offer a credit card for sale, just as they do in other areas. Nixon added that the breach of BrianClub will not only aid in the prevention of cybercrime but will also lead to arrests. A few other references can be made from previous criminal enterprises hacked and how perpetrators were arrested.
According to the co-founder and CEO of Gemini, Andrei Barysevich, the breach of BrianClub is significant, as his company can trace about 87 million stolen credit card details as well as debit card details to online black markets.
In recent years, authorities have placed a high priority on illegal credit card enterprises, forcing them to go undercover on the dark web to control the huge operations that go on there. Credit card business is one of the fast-growing businesses on the dark web due to the high demand and the profit that comes with it.
In the first half of 2019, data breach hit an unprecedented rate with public institutions and private companies being the major victims. Hackers mostly employ their technical-know-how to infect online payment systems with malware that are capable of obtaining credit card information from users.
From the many uploads of stolen credit card details by BrianClub, it is evident that many people become victims day after day, and it has strongly been advised that individuals should use a different credit card and debit card to make and receive any form of online payment to stay safe.