Briansclub Credit Card Theft Dealer Data Breach
One of the world’s largest underground stores for selling stolen credit card data has been compromised, exposing 26 million stolen records stolen over four years from both online and physical businesses that had been compromised. KrebsOnSecurity received from an anonymous source a plain text file containing a database of stolen cards for sale at brians club, including redacted versions that appear there.
What happened?
Briansclub cm was hit with a devastating cyber attack in 2020 that resulted in the theft of sensitive information such as credit card numbers and personal identification documents. These data breaches can have severe financial repercussions for businesses and consumers alike and put individuals at risk of identity theft, fraud or other malicious activities. It serves as an important reminder for businesses to ensure that their systems are secure against potential attackers.
Cybercriminals broke into a company and stole payment card details before selling them on the black market, using this data to commit fraud or commit other criminal acts against victims, leading them into debt, theft and even fraudulent purchases.
Individuals can protect themselves against this issue through several means. First and foremost, it’s critical that they monitor credit cards and bank accounts regularly for any unauthorized charges that might occur and report any suspicious activity immediately to law enforcement. Furthermore, it would be prudent to regularly change passwords as well as use strong encryption when transacting online transactions.
Searching for companies offering two-step verification when making online purchases can also help mitigate this type of issue, by sending a code directly to their phone or email account and forcing them to enter it before any transaction can be finalized. This simple yet effective measure protects sensitive information.
Hackers who stole payment card data and sold it on the dark web were able to turn significant profits from this illegal practice. Their black market has earned a stellar reputation due to the quality of information it sells; hackers constantly add fresh breaches or cyber attacks’ data into their stock to satisfy buyer appetite for this type of information.
Unfortunately, criminals can be hard to track down. Many operate internationally with an expansive knowledge of cybercrime operations; others use “mules,” people who accept payments on their behalf before sending it onto actual hackers.
How did it happen?
The hack of an underground store dedicated to selling stolen credit card information has served as a wakeup call for many individuals and organizations alike. No matter the source of hacking data – compromised point-of-sale system, card processor breach, skimming device, phishing attack, or otherwise – its consequences remain the same: victims had their personal financial details exposed; in many instances unauthorised charges made on their accounts leading to substantial financial loss as well as added stress and expense for themselves and financial institutions who must reimburse customers as well as invest in security measures against future breaches.
Nefarious hackers and cybercriminals known as “carders” understand the potential rewards of engaging in this lucrative and risky trade well. To gain access to credit card data they employ various techniques including hacking databases containing this data, using malware and exploiting flaws in e-commerce platforms to steal it, phishing scams to coax unsuspecting victims into disclosing financial details online or social engineering techniques at physical stores – once carders possess enough information they sell it off on black markets and criminal forums – profiting greatly from these activities.
Briansclub cm is one such dark web marketplace that has become the go-to spot for carding-related sales, boasting its reputation by becoming an easy way for criminals to purchase new card information. Offering a comprehensive selection of data organized for easy browsing by potential buyers. Furthermore, Briansclub cm accepts payments via cryptocurrency like Bitcoin to enhance anonymity further.
KrebsOnSecurity received a link to files containing payment card data stolen from Briansclub and sold over 26 million times between 2015 and 2019 as “dump cards.” These “dump” cards, consisting of both debit and credit card records, include full names, addresses and expiration dates – with 21.6 million cards still valid up until October 2019 providing ample opportunity for fraud.
What can be done about it?
Even with recent advances in cybersecurity, modern cybercrime remains an ongoing threat. The Briansclub incident highlights how criminals use stolen card data to turn it into real-world cash by making purchases both online and in stores, running up charges against other people’s cards, buying products for cut-price reselling, etc. Such scams have severe repercussions for individuals whose accounts have been compromised as well as financial institutions which incur fraud losses and compliance costs due to these scams.
Briansclub data breach was sold to cybercrime rings via “carding” sites, where criminals exploit vulnerabilities in payment systems to steal and use credit card details for unauthorised transactions. KrebsOnSecurity reported last month that an anonymous source shared with them a plain text file purporting to contain all Briansclub cards for sale; resellers or affiliates often sell stolen cards back onto carding websites at a commission rate per sale.
Krebs reported that the stolen Briansclub data contained binary code to create fraudulent magstripe cards for use at stores and restaurants to purchase expensive electronics and goods fraudulently. Breaking into point-of-sale systems with skimming devices or hacking into payment processors would likely prove more difficult.
Krebs estimates that Briansclub sold 9.1 million cards since 2015 that have resulted in $414 million worth of fraud, as federal prosecutors typically value stolen card records at $500 per cardholder who was targeted.
As it remains to be determined whether those responsible will ever face prosecution, companies can learn from such incidents by taking steps to ensure their security programs are functioning as designed – particularly when third-parties are involved. Business leaders should interview those who discovered breaches as well as verify whether service providers are actually providing adequate mitigation of vulnerabilities as claimed.
Consumers can take steps to safeguard themselves by regularly reviewing bank and credit card statements for suspicious activity, reporting it to credit bureaus and law enforcement if necessary, using strong passwords, and activating two-factor authentication when possible.
Is this a lesson for other companies?
The Briansclub cm Dealer Data Breach serves as a reminder that cyberattackers can target anyone connected to the Internet, and companies should take proactive measures against such attacks as they can incur significant losses and compromise customer trust in their wake.
As this incident may prompt other businesses to strengthen their security measures, consumers could be protected against credit card fraud and other forms of malicious activity. Unfortunately, criminals could find ways around such security measures, potentially creating more serious threats in the future.
What this attack means for consumers is an immediate financial strain: Unauthorized charges could appear on credit or bank accounts without their knowledge, creating considerable strain and stress that is hard to bear. Furthermore, this attack could negatively impact their credit scores in ways that may last far beyond its immediate effects.
As with anything, monitoring your credit report regularly is also key for keeping any suspicious activity under control and reporting it immediately. Furthermore, using strong passwords that you change frequently will prevent cybercriminals from guessing them and accessing your accounts without permission.
The Briansclub Data Breach is notable, representing one of the largest underground stores for purchasing stolen credit card records. KrebsOnSecurity reports that 26 Million Credit and Debit Card Records from Hacked Online and Brick and Mortar Retailers over four years were uploaded into BriansClub Shop during that period – eight Million cards being uploaded this year alone!
KrebsOnSecurity was able to verify that BriansClub proprietor(s) regularly upload new batches of stolen cards onto their storefront – typically including information derived from magnetic strips such as their expiration date, CVV code and other details – including any valid ones in circulation.
As briansclub cm sells cards with imminent expiration dates, cybercriminals can quickly cash them out and cash them out later for years to come. Furthermore, many stolen card records belong to people with jobs and homes – meaning those impacted may face substantial monetary losses and other problems as a result of this data breach.