The following story can be described as a “hack the hackers” type of story.
Apparently, one of the largest underground stores for purchasing stolen credit card data has been hacked itself. As a result, more than 26 million credit and debit card details were extracted from the store.
According to Brian Krebs, the stolen data has been “taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.”
BriansClub Underground Market Hacked
So, what happened? Security and privacy expert Brian Krebs recently was contacted by a source who shared a plain text file that contained the full database of cards offered for sale on BriansClub.at. What is very intriguing is that BriansClub is imitating the style of Brian Krebs’ website, and the underground store even claims a copyright with a reference at the bottom of every page: “© 2019 Crabs on Security.”
Several people who reviewed the database shared by the source of Brian Krebs were able to confirm that the same credit card records could be discovered in a more redacted form simply by searching the BriansClub Web site with a valid, properly-funded account, Krebs wrote in his blog post detailing the hack.
All of the card data stolen from BriansClub was shared with multiple sources who work closely with financial institutions to identify and monitor or reissue cards that show up for sale in the cybercrime underground.
The leaked data shows that in 2015, BriansClub added just 1.7 million card records for sale. But business would pick up in each of the years that followed: In 2016, BriansClub uploaded 2.89 million stolen cards; 2017 saw some 4.9 million cards added; 2018 brought in 9.2 million more.
According to a FlashPoint’s analysis, the data suggests that between 2015 and August 2019, BriansClub sold roughly 9.1 million stolen credit cards, earning the site $126 million in sales in Bitcoin.
In general, breaches of underground databases not only prevent further cybercrime but can also lead to arrests and prosecutions.
“When people talk about ‘hacking back,’ they’re talking about stuff like this. As long as our government is hacking into all these foreign government resources, they should be hacking into these carding sites as well. There’s a lot of attention being paid to this data now and people are remediating and working on it“, said Allison Nixon, director of security research at FlashPoint.