Prolific payment data peddler BriansClub has been hacked

The four-year operation is under threat as records amounting to more than double its all-time sales have been stolen back

Online payment

A website specialising in the sale of stolen payment details has itself been hacked, seeing 26 million records removed from the storefront.

BriansClub is modelled after the site of security researcher Brian Krebs, also using his likeness in various graphics across the store. It sells payment details stolen by other hackers, allowing them to earn a percentage of the sale.

Advertisement - Article continues below

The identity or motivations of the hacker who reclaimed the stolen details are not yet known, but an expert speaking to KrebsOnSecuritywhich first reported the event, said the hack on the biggest store of its kind will have short-term effects on how competitors price their products.

"With over 78% of the illicit trade of stolen cards attributed to only a dozen of dark web markets, a breach of this magnitude will undoubtedly disturb the underground trade in the short term," said Andrei Barysevich, co-founder and CEO at Gemini. "However, since the demand for stolen credit cards is on the rise, other vendors will undoubtedly attempt to capitalise on the disappearance of the top player."

The data sold on BriansClub is mostly in the form of dumps: Strings of binary code which can then be used as a viable payment method when encoded onto a magnetic stripe the size of a credit card.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

In the US, prosecutors will typically place a $500 value to each stolen credit or debit payment record a figure which reflects the estimated average loss of each compromised cardholder, after the card issuer reimburses the total losses.

Using that figure, the massive total value of the stolen records involved in this hack would be placed at $13 billion (10.21 billion).

The site's supply, however, greatly exceeds the demand from buyers. An analysis by security firm Flashpoint showed that just 9.1 million cards were sold through the site between 2015 and August 2019, which is less than the total number of cards added in 2018 alone (9.2 million).

"The theft ultimately has little impact on credit card owners. All of the cards were going to be used for fraud, anyway," Paul Bischoff, privacy advocate at Comparitech.com, told IT Pro.

"It's interesting to note that Krebs thinks the supply of stolen cards for sale on BriansClub outstrips demand there are literally more stolen credit cards up for sale than criminals know what to do with."

Advertisement - Article continues below

In messages sent between Krebs and the BriansClub admin through the site's support ticket page, the admin said the site itself hadn't been hacked, instead, it was the data centre that stores the card details.

The admin also said the stolen records had been taken off the site's store page, although this claim seems to be false after cross-referencing the stolen records with listings on BriansClub.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/hacking/355806/anarchygrabber-hack-steals-discord-tokens-ids-and-passwords
hacking

AnarchyGrabber hack steals Discord tokens, IDs and passwords

27 May 2020
Visit/security/hacking/355801/scammers-using-coronavirus-contact-tracing-in-hacking-attempt
hacking

Scammers leverage contact-tracing in hacking attempt

27 May 2020
Visit/security/phishing/355793/gitlab-phishes-its-remote-employees-and-1-in-5-fell-for-it
phishing

GitLab phished its employees and 20% handed over credentials

26 May 2020
Visit/security/cyber-security/355791/cyberpeace-institute-urges-governments-to-work-together-to-stop
cyber security

Governments urged to work together to stop health care cyber attacks

26 May 2020

Most Popular

Visit/operating-systems/microsoft-windows/355781/microsoft-confirms-further-issues-with-troublesome
Microsoft Windows

Microsoft's latest Windows 10 update is causing yet more issues

26 May 2020
Visit/mobile/5g/355712/nokia-5g-speed-record
5G

Nokia breaks 5G record with speeds nearing 5Gbps

20 May 2020
Visit/infrastructure/network-internet/355792/intel-releases-wi-fi-and-bluetooth-driver-updates-for
Network & Internet

Intel releases Wi-Fi and Bluetooth driver updates for Windows 10

26 May 2020