Prolific payment data peddler BriansClub has been hacked

The four-year operation is under threat as records amounting to more than double its all-time sales have been stolen back

Online payment

A website specialising in the sale of stolen payment details has itself been hacked, seeing 26 million records removed from the storefront.

BriansClub is modelled after the site of security researcher Brian Krebs, also using his likeness in various graphics across the store. It sells payment details stolen by other hackers, allowing them to earn a percentage of the sale.

The identity or motivations of the hacker who reclaimed the stolen details are not yet known, but an expert speaking to KrebsOnSecuritywhich first reported the event, said the hack on the biggest store of its kind will have short-term effects on how competitors price their products.

"With over 78% of the illicit trade of stolen cards attributed to only a dozen of dark web markets, a breach of this magnitude will undoubtedly disturb the underground trade in the short term," said Andrei Barysevich, co-founder and CEO at Gemini. "However, since the demand for stolen credit cards is on the rise, other vendors will undoubtedly attempt to capitalise on the disappearance of the top player."

The data sold on BriansClub is mostly in the form of dumps: Strings of binary code which can then be used as a viable payment method when encoded onto a magnetic stripe the size of a credit card.

In the US, prosecutors will typically place a $500 value to each stolen credit or debit payment record a figure which reflects the estimated average loss of each compromised cardholder, after the card issuer reimburses the total losses.

Using that figure, the massive total value of the stolen records involved in this hack would be placed at $13 billion (10.21 billion).

The site's supply, however, greatly exceeds the demand from buyers. An analysis by security firm Flashpoint showed that just 9.1 million cards were sold through the site between 2015 and August 2019, which is less than the total number of cards added in 2018 alone (9.2 million).

"The theft ultimately has little impact on credit card owners. All of the cards were going to be used for fraud, anyway," Paul Bischoff, privacy advocate at Comparitech.com, told IT Pro.

"It's interesting to note that Krebs thinks the supply of stolen cards for sale on BriansClub outstrips demand there are literally more stolen credit cards up for sale than criminals know what to do with."

In messages sent between Krebs and the BriansClub admin through the site's support ticket page, the admin said the site itself hadn't been hacked, instead, it was the data centre that stores the card details.

The admin also said the stolen records had been taken off the site's store page, although this claim seems to be false after cross-referencing the stolen records with listings on BriansClub.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
Mastering endpoint security implementation
Security

Mastering endpoint security implementation

16 Apr 2021
US, UK say Russia was behind SolarWinds hack
cyber attacks

US, UK say Russia was behind SolarWinds hack

16 Apr 2021
1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Roadmap 2021: What’s coming from 3CX
Advertisement Feature

Roadmap 2021: What’s coming from 3CX

30 Mar 2021