Cyber Theft Alert Briansclub Stolen Credit Cards
Briansclub runs a clandestine marketplace on the dark web that sells stolen credit card data and has built up a solid customer service and constant supply of fresh card data, according to Krebs. Thousands of individuals use the brians club underground market to hack into credit card systems both online and in brick-and-mortar stores, leading to an unprecedented rise in fraud that has put financial institutions under strain and shaken consumer trust.
Credit Card Numbers
As the Internet of Things grows, criminals find it easier than ever to obtain your private data and steal it for criminal gain. With every swipe on a credit card or purchase made online becoming possible funding a cybercriminal enterprise, it is imperative to understand how criminals do this. One of the largest underground websites selling stolen card data has recently been compromised and over 26 million payment cards have been stolen from there alone!
Security journalist Krebs on Security exposed Briansclub, a black market site which specialized in selling stolen credit card numbers, last month after receiving information from an anonymous source that purported to include all available cards at Briansclub – both currently and historically – through comparing redacted files against current listings at Briansclub; many matched.
Cybercriminals purchase and sell stolen card data at underground shops like Briansclub to make money, while site operators also take a cut of any revenue generated from those purchasing cards from it. Krebs on Security shared its purloined Briansclub database with Gemini Advisory in New York; Gemini tracks most of the 87 million cards for sale throughout cybercrime underground; this data showed that at least 9 million cards available at Briansclub had already been sold by at least 142 resellers with at least 50 buyers purchasing each purchase – showing just one aspect of cybercrime’s lucrative ecosystem that cybercriminals take.
According to Gemini Advisory, most of the stolen cards at Briansclub will expire by October 2019 – providing consumers with another year or so to spend freely using these stolen credit cards – however over 2 million may not. The breached data serves as a stark reminder that we all face risks with regard to our private information being stolen, prompting consumers to keep an eye on their bank statements when shopping and enable two-factor authentication whenever possible.
Profits generated by stolen credit card data can have devastating repercussions for both individuals and financial institutions alike, as fraud victims turn into victims of identity theft while financial institutions must monitor and reissue cards that end up on dark web marketplaces for sale. Yet it proves that even cybercriminals who appear resilient can be defeated.
Expiration Dates
Briansclub has quickly become a household name among cybercriminals thanks to its longstanding history of offering stolen credit card data for sale online and black market websites. Criminals use this stolen data for illegal online transactions or buying items for resale on such marketplaces. Briansclub has also been implicated in high-profile hacking incidents and cybercrime attacks.
Last month, security reporter Brian Krebs discovered that an eCommerce site had been compromised and over 26 million payment cards had been compromised. KrebsOnSecurity received a plain text file with all this stolen data contained within it – including credit card numbers and expiration dates, security codes, cardholder names, etc.
Briansclub was used by its owners to post stolen card information gathered from both online and physical retailers over four years, some of which had already expired or would do so soon thereafter.
Krebs reported that the card numbers available at Briansclub had been stolen by hackers or “resellers”, who make a living by breaking into point-of-sale systems in physical stores and restaurants or hacking online payment websites that accept payment cards. They then resell these stolen cards on criminal forums where they receive a cut of each transaction while providing their data to companies which use it to identify or monitor fraudulent activity.
Criminals typically exploit vulnerabilities in payment systems like Briansclub in minutes to use newly added card numbers for fraudulent purchases – commonly known as carding – by exploiting payment system vulnerabilities to bypass cardholder consent and steal funds or products without their knowledge or approval.
Carding operations range from using simple skimming devices at gas stations, or more sophisticated methods such as installing data-grabbing malware onto point-of-sale systems of restaurants or stores, to installing data-grabbing malware onto them and collecting credit card numbers from people there. Once criminals obtain card numbers they can then use them fraudulently in transactions to make it appear that they are the true cardholders.
Security Codes
Briansclub, one of the largest underground stores for buying stolen credit card data, was recently compromised and its hack retrieved over 26 million payment card details, which can then be used by criminals to create counterfeit cards that charge victims’ accounts and then use for spending sprees for discounted merchandise that they intend on reselling later on.
KrebsOnSecurity reported the breach on Tuesday. KrebsOnSecurity identified the site’s owner(s), known as “resellers.” Resellers make their living by breaking into payment card systems online and in physical stores to gain access to payment card numbers; then reselling these stolen cards at a fraction of their total value for profit.
On this site, cards for sale typically represent “dumps,” or unauthorized digital copies of credit and debit card magnetic stripe data that could be used for fraudulent activities including:
BriansClub provides stolen credit card data for sale and also provides criminals with tools to validate its validity. LuxChecker charges a nominal fee to verify whether stolen card records are active; while another tool, called 0check is free to use.
These tools may not be perfect, but they do provide criminals with valuable intelligence when searching for credit card data to use in their schemes. Breach at Briansclub and other carder sites have come at a significant cost both to individuals whose data has been compromised as well as to financial institutions who must bear fraud losses and regulatory compliance costs as a result of breaches such as those at Briansclub and carder sites.
BriansClub sells stolen card data obtained by hackers over many years from hundreds, or sometimes thousands, of hacked online portals and brick-and-mortar stores that they breached – an ongoing revenue source for cybercriminals who make their living hacking and then selling stolen card data, KrebsOnSecurity reported.
Personal Information
Briansclub is a dark web marketplace offering stolen credit card information at discounted rates to enable cybercriminals to make money and avoid detection. Dubbed after noted cybersecurity reporter Brian Krebs for its reporting of cybercrime, Briansclub has been subjected to multiple law enforcement crackdowns yet it continues operating and flourishing regardless – even adopting his image for its login screen as an ironic tribute that blurs the distinction between cybercrime and culture.
Stealth credit cards can often be found for sale on black market websites after hackers gain access to various sources and obtain them illegally, such as breaching point-of-sale systems at physical stores or using malware to collect card numbers online shopping platforms. Once obtained, this stolen information is often used fraudulently in either store environment.
Once stolen credit card data is uploaded to an underground website, it’s made available for sale at prices determined by factors like country of origin and credit limit. Users of the website can sort and filter cards according to these criteria, making it easier for criminals to find what they’re searching for.
Flashpoint Inc. conducted analysis that determined most of these 26 million cards — 46 percent credit and 54 percent debit — came from hacking brick-and-mortar retailers as well as online stores, and over 14 million remain valid and have yet to expire, which gives criminals plenty of opportunity for use.
Briansclub not only sells stolen card data, but also resells cards already on the black market. Affiliates or partners of briansclub cm earn a percentage from every sale; often purchasing them from other cybercriminals or obtaining them themselves through hacks.
Last month, KrebsOnSecurity received a file purporting to contain all stolen card listings sold on Briansclub. Some cards in the file matched redacted versions available at Briansclub – suggesting the purloined database may indeed be genuine.