Hackers successfully broke into brians club, an underground market dedicated to selling stolen credit card data, enabling investigators to collect 26 million payment card records stolen by criminals from online portals and stores over four years.

Most cards available for sale are junk cards that crooks encode with random strings of ones and zeroes so as to go on spending sprees.

The Attack

Cybercriminals who steal credit card data from victims use it for fraudulent purchases or sell it for profit, using information like cardholder names, expiration dates and CVV codes gathered during such attacks to make fraudulent purchases or sell it on. They often manage to gain access to additional valuable details including email addresses and phone numbers before selling this valuable data onto other criminals for identity theft and online fraud activities.

Briansclub cm breach is yet another indication of just how sophisticated and pervasive cybercrime has become. Hackers were able to gain entry to its payment system and acquire sensitive user data belonging to thousands of customers, leading them down an elaborate path toward identity theft.

Security blogger Brian Krebs reported that the hacking group responsible had obtained 26 million credit card records from the website and many may still be valid. These cards were acquired through various means such as hacking databases belonging to financial institutions and exploiting vulnerabilities on e-commerce platforms.

Once stolen credit card data is acquired, it is carefully organized and distributed on black market websites for sale to potential buyers. Buyers can search by country of origin or credit limit criteria before paying with cryptocurrency like Bitcoin to avoid being detected by law enforcement authorities.

Credit cards purchased from Briansclub cm are used by buyers to buy high-ticket items online or at brick-and-mortar stores, or simply make low-cost purchases to verify legitimacy of their card. Security experts do not expect that hackers who compromised Briansclub cm will ever be caught using these details to gain entry.

Briansclub cm’s site administrator, who claims to be Krebs and even uses his likeness in various graphics on the website, confirmed that its data center had been breached. Researchers discovered that some of this stolen information has been shared with banks for use in monitoring or issuing replacement cards that appear for sale on black markets.

The Target

Briansclub hack is an important reminder that no matter how secure our systems may seem, cybercriminals will still find ways to exploit them and steal sensitive data. Hackers behind this attack were able to gain access to millions of credit and debit card records including card numbers, expiration dates, CVV codes and cardholder names; all valuable pieces of information for criminals that could be used either directly for illegal purchases online or sold off illegal marketplaces.

Hackers behind this attack hacked into an underground site called Briansclub that specializes in selling stolen credit card data. Briansclub is among several major spots on the Dark Web where individuals buy and sell card information to be used in fraud schemes – these markets are known as carding markets, and form part of a global network that facilitates credit card fraud.

Krebs on Security reported that Briansclub hackers managed to gain access to and download what they claimed was an entire database of cards available for sale at the site, many stolen from traditional retailers over four years; 8 Million cards have already been uploaded onto Briansclub this year alone!

Criminals use stolen cards to commit a variety of crimes. Some cards may be used for identity theft or bank account heisting; others might even be used for purchasing electronics or high-ticket items from vendors or stores. Criminals obtain card data through skimming devices – small devices that place over card readers such as those found at gas stations – or installing point-of-sale malware on systems in restaurants or stores.

Stolen cards can then be sold through sites such as Briansclub for various prices depending on their quality and whether or not they’re current or expired. Cards belonging to individuals with high credit limits or individuals who possess significant net worth often command higher prices as these provide criminals with greater opportunities for profit.

The Damage

Briansclub, one of the largest underground carding stores worldwide, was recently compromised and 26 million credit and debit cards stolen were recovered, including card numbers, expiration dates, CVV codes and even cardholder names. Criminals can then use this data to make fraudulent purchases both online and at physical locations; as well as sell it off on dark web for large profits while using it to commit identity theft.

BriansClub, which is run by cybercriminals who specialize in selling stolen payment card data to other cybercriminals, was used to obtain this stolen data. KrebsOnSecurity verified its contents and estimated its sale at about $414 million based on pricing tiers; federal prosecutors typically value each stolen card at $500 which represents fraud suffered by cardholders who may have their card compromised.

Nearly all the stolen cards in this cache were legacy cards with magnetic stripes instead of chips, which are more susceptible to counterfeiting and reuse after being swiped in store or restaurant checkout systems. That is why having effective security measures in place regardless of how big or small your business might be is so essential.

While it remains unknown who reclaimed the stolen Briansclub data, security experts believe that its hack will have far-reaching ramifications for other websites of its type. Since 2015, when BriansClub launched under Krebs’ name and likeness, batches of stolen card records were uploaded by its proprietors: 1.75 million uploaded in 2015 alone; 2.89 million in 2016, 4.91 million in 2017, 9.2 million this year and so forth.

Allison Nixon, director of security research at Flashpoint cybersecurity firm, describes stolen card data as an endless source of discoveries for researchers. According to Nixon, it provides “an abundance of useful insights into the operations of this underground marketplace” such as BriansClub which serves as middlemen by evaluating and pricing stolen data in Bitcoin prior to selling it to resellers who resell on dark web marketplaces such as Silk Road or Deep Web markets. Banks and card issuers can then identify cards which appear for sale and monitor or reissue them as soon as they appear for sale or show up for sale on these sites – ultimately providing researchers with “unlimited opportunities”.

What You Can Do

Once a website that sells stolen credit card data has been compromised, thieves quickly use it for illicit gain. Criminals behind such operations use an intricate process to maximize profits while remaining undetected by authorities – here’s everything you should know about how hackers and cybercriminals convert everyday card swipes into illicit cash.

BriansClub, one of the largest Dark Web “carding” stores, was compromised recently when thieves managed to obtain 26 million payment card records. Modeled after security researcher Brian Krebs with his likeness used as part of its graphics, BriansClub sold data that allowed other hackers to create counterfeit magstripe cards used fraudulently for purchases at physical locations.

BriansClub operates using an elaborate system of resellers to acquire stolen card data from various sources including e-commerce sites and financial institutions, then meticulously organize and categorize it for sale on their site. Carders then profit by selling this information in exchange for bitcoins – an anonymous virtual currency which helps prevent tracking.

KrebsOnSecurity recently obtained a plain text file purporting to contain all card details uploaded for sale by briansclub cm over the last four years and found that their stockpile of stolen credit and debit card records totals more than $414 million, including 14 million still un-expired records.

Security analysts employed by financial institutions that monitor carding shops have verified the leaked data as confirmed. It represents one of the largest sets of stolen card data publicly released since Krebs reported on its theft of 1.7 million cards from brick-and-mortar stores back in 2015.

Although EMV chip cards were introduced with the goal of decreasing such activities, many crooks still see considerable value in selling stolen card records, until these technologies become widely deployed. You can help protect yourself by changing passwords and using two-factor authentication, as well as reporting any suspicious activity to both your bank and law enforcement.