Prolific payment data peddler BriansClub has been hacked

The four-year operation is under threat as records amounting to more than double its all-time sales have been stolen back

Online payment

A website specialising in the sale of stolen payment details has itself been hacked, seeing 26 million records removed from the storefront.

BriansClub is modelled after the site of security researcher Brian Krebs, also using his likeness in various graphics across the store. It sells payment details stolen by other hackers, allowing them to earn a percentage of the sale.

The identity or motivations of the hacker who reclaimed the stolen details are not yet known, but an expert speaking to KrebsOnSecuritywhich first reported the event, said the hack on the biggest store of its kind will have short-term effects on how competitors price their products.

"With over 78% of the illicit trade of stolen cards attributed to only a dozen of dark web markets, a breach of this magnitude will undoubtedly disturb the underground trade in the short term," said Andrei Barysevich, co-founder and CEO at Gemini. "However, since the demand for stolen credit cards is on the rise, other vendors will undoubtedly attempt to capitalise on the disappearance of the top player."

Advertisement - Article continues below
Advertisement - Article continues below

The data sold on BriansClub is mostly in the form of dumps: Strings of binary code which can then be used as a viable payment method when encoded onto a magnetic stripe the size of a credit card.

In the US, prosecutors will typically place a $500 value to each stolen credit or debit payment record a figure which reflects the estimated average loss of each compromised cardholder, after the card issuer reimburses the total losses.

Using that figure, the massive total value of the stolen records involved in this hack would be placed at $13 billion (10.21 billion).

The site's supply, however, greatly exceeds the demand from buyers. An analysis by security firm Flashpoint showed that just 9.1 million cards were sold through the site between 2015 and August 2019, which is less than the total number of cards added in 2018 alone (9.2 million).

"The theft ultimately has little impact on credit card owners. All of the cards were going to be used for fraud, anyway," Paul Bischoff, privacy advocate at, told IT Pro.

"It's interesting to note that Krebs thinks the supply of stolen cards for sale on BriansClub outstrips demand there are literally more stolen credit cards up for sale than criminals know what to do with."

Advertisement - Article continues below

In messages sent between Krebs and the BriansClub admin through the site's support ticket page, the admin said the site itself hadn't been hacked, instead, it was the data centre that stores the card details.

The admin also said the stolen records had been taken off the site's store page, although this claim seems to be false after cross-referencing the stolen records with listings on BriansClub.

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Microsoft Windows

Microsoft pulls disastrous Windows 10 security update

17 Feb 2020

How to use Chromecast without Wi-Fi

5 Feb 2020
Business operations

HP shareholders invited to come dine with Xerox

17 Feb 2020
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020