Prolific payment data peddler BriansClub has been hacked

Online payment

A website specialising in the sale of stolen payment details has itself been hacked, seeing 26 million records removed from the storefront.

BriansClub is modelled after the site of security researcher Brian Krebs, also using his likeness in various graphics across the store. It sells payment details stolen by other hackers, allowing them to earn a percentage of the sale.

The identity or motivations of the hacker who reclaimed the stolen details are not yet known, but an expert speaking to KrebsOnSecurity, which first reported the event, said the hack on the biggest store of its kind will have short-term effects on how competitors price their products.

"With over 78% of the illicit trade of stolen cards attributed to only a dozen of dark web markets, a breach of this magnitude will undoubtedly disturb the underground trade in the short term," said Andrei Barysevich, co-founder and CEO at Gemini. "However, since the demand for stolen credit cards is on the rise, other vendors will undoubtedly attempt to capitalise on the disappearance of the top player."

The data sold on BriansClub is mostly in the form of dumps: Strings of binary code which can then be used as a viable payment method when encoded onto a magnetic stripe the size of a credit card.

In the US, prosecutors will typically place a $500 value to each stolen credit or debit payment record a figure which reflects the estimated average loss of each compromised cardholder, after the card issuer reimburses the total losses.

Using that figure, the massive total value of the stolen records involved in this hack would be placed at $13 billion (10.21 billion).

The site's supply, however, greatly exceeds the demand from buyers. An analysis by security firm Flashpoint showed that just 9.1 million cards were sold through the site between 2015 and August 2019, which is less than the total number of cards added in 2018 alone (9.2 million).

"The theft ultimately has little impact on credit card owners. All of the cards were going to be used for fraud, anyway," Paul Bischoff, privacy advocate at Comparitech.com, told IT Pro.

"It's interesting to note that Krebs thinks the supply of stolen cards for sale on BriansClub outstrips demand there are literally more stolen credit cards up for sale than criminals know what to do with."

In messages sent between Krebs and the BriansClub admin through the site's support ticket page, the admin said the site itself hadn't been hacked, instead, it was the data centre that stores the card details.

The admin also said the stolen records had been taken off the site's store page, although this claim seems to be false after cross-referencing the stolen records with listings on BriansClub.

Connor Jones
Contributor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.