26 Million Cards Rescued From BriansClub Dark Web Market Place

A leading dark web carding market, BriansClub, was infiltrated, and 26 million payment card records were exfiltrated and removed from the carding market ecosystem.

Unlike multi-good marketplaces, carding markets only sell one good: payment cards. Buyers purchase the data encoded onto a payment card’s magnetic strip or mag strip and can use this information to buy products online, launder money, or encode it onto a blank card and commit fraud.

Larger markets like BriansClub are likely purchasing the millions of cards they have in stock from a variety of smaller actors and syndicates. The removal of 26 million card records from the BriansClub carding market would then have a significant impact on these more minor actors. Competitive markets will also experience negative impacts as their “backward-exposure” makes them worthless.

Though consumers are mostly inconvenienced, with some being left responsible for fraudulent charges, payment card theft is a multi-billion dollar business for perpetrators and a multi-billion dollar risk for retailers, banks, and card issuers. One that costs financial institutions billions in losses each year. The breach and theft of 26 million stolen payment card records from BriansClub is a massive win for consumers, financial institutions, and security researchers as it could likely represent a significant portion of available stolen card records.

In this post, we will be reviewing the BriansClub breach and what we expect will happen next.

What Happened, Who Was Hacked?

BriansClub, a leading underground marketplace known for the sale of stolen credit card data, has been hacked, and 26 million payment cards were rescued, including 7.6 million uploaded this year alone.

Who Hacked the Carding Market?

The perpetrators of the hack are unknown, though there has been speculation that the marketplace was taken down by rivals like many others have. A consistent problem on the dark web and cybercriminal communities, infighting kills rival syndicates and sites. Even sites or actors that have resisted law enforcement action for years can be taken down by their rivals.

How Much Was The Dark Web Haul Worth?

Many federal prosecutions involving stolen credit card data, value stolen credit cards at $500 each. That value means the hack could have removed upwards of $414,000,0000.00 of potential profit from the dark web criminal economy. Criminals often funnel profits from payment card fraud back into other criminal enterprises, including more financial fraud, cybercrime, terrorism, and human trafficking.

Additionally, based on Terbium Labs’ internal database of stolen card records and publicly published figures about this hack, this “rescue” could represent over 50% of the available records from the last year instantly removed from the dark web. BriansClub was a significant player in the stolen payment card cybercrime economy, and the 9.1 million cards that were sold there since 2015 represent an estimated $4,000,000,000.00 in losses for financial institutions and consumers.

What We Expect Now on The Dark Web

When market disruptions like this happen, there is usually a new winner that emerges. For example, the takedowns of Alphabay and Hansa as part of Operation Bayonet led to Dream Market becoming the most prominent market before its eventual fall. These disruptions also increase the levels of FUD (fear, uncertainty, and doubt) in the dark web and cybercrime communities and contribute to a general slowdown in criminal activity as fraudsters try to avoid being caught up in law enforcement action. Other carding markets will fill the void left by BriansClub as the demand for payment card records still exists, and there are more than enough around. Nevertheless, this is a clear win for consumers, financial institutions, and security researchers, who are getting an excellent view of how these marketplaces operate and interact. For them, the disruption and its aftershocks could serve as a model for targeted hacking going forward.

Terbium Labs has studied and published research on the pervasive ties between fraud and transnational crime; taking down payment card marketplaces could make consumers safer in more ways than one.

Matchlight helps financial institutions, credit card issuers, retailers, and everyone else identify common denominators of compromise for payment card records and uses private, proactive, and constant monitoring to identify exposed payment card records on the dark web.

To learn more about Matchlight Common Points of Purchase, or to see Matchlight in action,