In a significant development, BriansClub.cm, one of the largest black market platforms, recently experienced a security breach aimed at retrieving data related to more than 26 million stolen payment cards. These card details had been pilfered from both online platforms and brick-and-mortar retail stores dating back to 2015.
The breach came to light after a source shared a plain text file, claiming to contain the complete database of cards for sale, encompassing both the existing cards and those previously available on the site. The data, successfully extracted from BriansClub, has been shared with financial institutions responsible for identifying, monitoring, and reissuing compromised cards that appear on illicit forums.
BriansClub primarily operates as a reseller of stolen cards acquired from other threat actors, known as resellers or affiliates. This model results in both BriansClub and its affiliated resellers earning a percentage from each card sale.
A Decade of Illicit Activities: To put the scale of this operation into perspective, BriansClub has been accumulating stolen card records for an extended period. In 2015, it listed 1.7 million card records for sale. The following year, 2016, witnessed an upload of 2.89 million stolen cards. In 2017, the figure soared to 4.9 million cards, and 2018 saw an additional 9.2 million cards added.
The year 2019 exhibited a staggering surge, with briansclub.cm introducing a whopping 7.6 million cards between January and August. According to security intelligence firm Flashpoint, the website was potentially harboring a stockpile worth an estimated $414 million in stolen credit cards for sale.
The Unseen Threat: The data harvested from briansclub.cm is represented as strings of binary code, comprising zeroes and ones. These codes can be encoded onto any medium equipped with a magnetic strip of the size of a credit card, facilitating unauthorized transactions.
The BriansClub security breach serves as a stark reminder of the ongoing challenges in the realm of cybersecurity and the continuous evolution of illicit activities in the digital landscape.