In a significant development, BriansClub.cm, one of the largest black market platforms, recently experienced a security breach aimed at retrieving data related to more than 26 million stolen payment cards. These card details had been pilfered from both online platforms and brick-and-mortar retail stores dating back to 2015.
The breach came to light after a source shared a plain text file, claiming to contain the complete database of cards for sale, encompassing both the existing cards and those previously available on the site. The data, successfully extracted from BriansClub, has been shared with financial institutions responsible for identifying, monitoring, and reissuing compromised cards that appear on illicit forums.
BriansClub primarily operates as a reseller of stolen cards acquired from other threat actors, known as resellers or affiliates. This model results in both BriansClub and its affiliated resellers earning a percentage from each card sale.
A Decade of Illicit Activities: To put the scale of this operation into perspective, BriansClub has been accumulating stolen card records for an extended period. In 2015, it listed 1.7 million card records for sale. The following year, 2016, witnessed an upload of 2.89 million stolen cards. In 2017, the figure soared to 4.9 million cards, and 2018 saw an additional 9.2 million cards added.
The year 2019 exhibited a staggering surge, with briansclub.cm introducing a whopping 7.6 million cards between January and August. According to security intelligence firm Flashpoint, the website was potentially harboring a stockpile worth an estimated $414 million in stolen credit cards for sale.
The Unseen Threat: The data harvested from briansclub.cm is represented as strings of binary code, comprising zeroes and ones. These codes can be encoded onto any medium equipped with a magnetic strip of the size of a credit card, facilitating unauthorized transactions.
The BriansClub security breach serves as a stark reminder of the ongoing challenges in the realm of cybersecurity and the continuous evolution of illicit activities in the digital landscape.
Summary
BriansClub.cm, a major black market platform, recently suffered a security breach that aimed to obtain data related to over 26 million stolen payment cards. These stolen card details were taken from various sources, including online platforms and physical retail stores, going back to 2015.
The breach was revealed when a source shared a plain text file, claiming to contain the entire database of cards available for sale on the platform, including both existing and previously listed cards. The extracted data from BriansClub has been shared with financial institutions responsible for identifying and monitoring compromised cards, enabling them to reissue them to affected customers.
BriansClub mainly operates as a reseller of stolen cards acquired from other threat actors, known as resellers or affiliates. This business model allows both BriansClub and its affiliated resellers to profit from each card sale.
The scope of this operation is significant, as BriansClub has been accumulating stolen card records for an extended period. In 2015, the platform listed 1.7 million card records for sale, with the numbers increasing in subsequent years. By 2019, the website potentially harbored a stockpile worth an estimated $414 million in stolen credit cards for sale, according to security intelligence firm Flashpoint.
The data obtained from BriansClub is in the form of binary code, which can be encoded onto any medium with a magnetic strip similar to a credit card. This makes it possible to use these stolen card details for unauthorized transactions.
The BriansClub security breach serves as a stark reminder of the ongoing challenges in the realm of cybersecurity and the constant evolution of illicit activities in the digital landscape.
