“BriansClub” Hack "Rescues" 26M Stolen Cards
upstart writes:
Submitted via IRC for SoyCow9088
"BriansClub" Hack Rescues 26M Stolen Cards
Last month, KrebsOnSecurity was contacted by a source who shared a plain text file containing what was claimed to be the full database of cards for sale both currently and historically through BriansClub[.]at, a thriving fraud bazaar named after this author. Imitating my site, likeness and namesake, BriansClub even dubiously claims a copyright with a reference at the bottom of each page: "(C) 2019 Crabs on Security."
Multiple people who reviewed the database shared by my source confirmed that the same credit card records also could be found in a more redacted form simply by searching the BriansClub Web site with a valid, properly-funded account.
All of the card data stolen from BriansClub was shared with multiple sources who work closely with financial institutions to identify and monitor or reissue cards that show up for sale in the cybercrime underground.
[...] An extensive analysis of the database indicates BriansClub holds approximately $414 million worth of stolen credit cards for sale, based on the pricing tiers listed on the site. That's according to an analysis by Flashpoint, a security intelligence firm based in New York City.
Allison Nixon, the company's director of security research, said the data suggests that between 2015 and August 2019, BriansClub sold roughly 9.1 million stolen credit cards, earning the site $126 million in sales (all sales are transacted in bitcoin).
[...] In a message titled "Your site is hacked,' KrebsOnSecurity requested comment from BriansClub via the "Support Tickets" page on the carding shop's site, informing its operators that all of their card data had been shared with the card-issuing banks.
I was surprised and delighted to receive a polite reply a few hours later from the site's administrator ("admin"):
Read more of this story at SoylentNews.