Prolific payment data peddler BriansClub has been hacked

The four-year operation is under threat as records amounting to more than double its all-time sales have been stolen back


A website specialising in the sale of stolen payment details has itself been hacked, seeing 26 million records removed from the storefront.

BriansClub is modelled after the site of security researcher Brian Krebs, also using his likeness in various graphics across the store. It sells payment details stolen by other hackers, allowing them to earn a percentage of the sale.

The identity or motivations of the hacker who reclaimed the stolen details are not yet known, but an expert speaking to KrebsOnSecurity, which first reported the event, said the hack on the biggest store of its kind will have short-term effects on how competitors price their products.

"With over 78% of the illicit trade of stolen cards attributed to only a dozen of dark web markets, a breach of this magnitude will undoubtedly disturb the underground trade in the short term," said Andrei Barysevich, co-founder and CEO at Gemini. "However, since the demand for stolen credit cards is on the rise, other vendors will undoubtedly attempt to capitalise on the disappearance of the top player."


The data sold on BriansClub is mostly in the form of dumps: strings of binary code which can then be used as a viable payment method when encoded onto a magnetic stripe the size of a credit card.

In the US, prosecutors will typically place a $500 value on each stolen credit or debit payment record, a figure which reflects the estimated average loss of each compromised cardholder, after the card issuer reimburses the total losses.

Using that figure, the massive total value of the stolen records involved in this hack would be placed at $13 billion (£10.21 billion).

The site's supply, however, greatly exceeds the demand from buyers. An analysis by security firm Flashpoint showed that just 9.1 million cards were sold through the site between 2015 and August 2019, which is less than the total number of cards added in 2018 alone (9.2 million).

"The theft ultimately has little impact on credit card owners. All of the cards were going to be used for fraud, anyway," Paul Bischoff, privacy advocate at Comparitech.com, told IT Pro.

"It's interesting to note that Krebs thinks the supply of stolen cards for sale on BriansClub outstrips demand; there are literally more stolen credit cards up for sale than criminals know what to do with."

In messages sent between Krebs and the BriansClub admin through the site's support ticket page, the admin said the site itself hadn't been hacked; instead, it was the data centre that stores the card details.

The admin also said the stolen records had been taken off the site's store page, although cross-referencing the stolen records with listings on BriansClub suggests this claim is false.
