Briansclub is one of the premier underground marketplaces for purchasing and selling stolen credit card information, known for its quality control measures and enjoys taunting Krebs, the cybersecurity journalist who runs his own blog, Krebs on Security. brians club breaches provide banks with invaluable insight, revealing how more than 26 million cards were obtained and sold online.

Credit Card Numbers

Briansclub is a dark web marketplace offering stolen credit card numbers. Once purchased, these stolen card numbers can be used by cybercriminals for fraudulent purchases at point-of-sale terminals or online payment systems and then misused for other illegal purposes including identity theft. Cybercriminals have previously sold these data sets on Briansclub for millions in bitcoin.

KrebsOnSecurity received from their source files with details on 26 million credit and debit cards stolen over four years from brick-and-mortar retailers as well as online platforms – eight million uploaded just this year alone! Most have expiration dates up until 2025. KrebsOnSecurity shared this trove of cards with Gemini Advisory who monitor underground carding stores that expose financial institution customers onto such illegal marketplaces.

Gemini has already seen Briansclub offer new card records for sale – and it is substantial. Gemini began tracking this data back in October 2018 and this latest batch from Briansclub represents by far the greatest volume since any carding shop began offering records for sale.

Criminals could find the new cards invaluable, particularly if they can acquire sensitive details like CVV codes and full names required to complete transactions. Criminals typically seek these details because they tend to yield greater profits than card numbers alone which may only be useful for making low-cost purchases before fraudsters reactivate a stolen card.

Briansclub has taken to using images of crabs, and claims the collection belongs to Crabs on Security (Krebs’ blog). Krebs says he does not take offense at this mocking; rather he considers it a compliment: his name and likeness has become so widely known among hackers and cybercriminals that many use his likeness or name as branding devices for malware or other criminal schemes.

Krebs’ reporting on breaches has caused banks to reconsider their approaches and protocols for dealing with suspicious activity, whether that means ignoring reports, cancelling cards and reissuing them or monitoring customers closely for signs of carding attacks such as low-cost purchases followed by high-ticket ones.

CVV2 Codes

Briansclub was one of the largest underground marketplaces for stolen card information, selling 26 million credit and debit card records at any given time for sale. Offering everything from magnetic stripe data dumps, CVV2 codes, full cards to facilitate financial fraud or identity theft were available here for sale – these products and services could then be used either legitimately online transactions or fraudulently by hackers for illegal purchases.

Briansclub provides additional tools and services that facilitate the illegal sale of stolen card information, such as fake passports and driver’s licenses, as well as stolen social security numbers paired with dates of birth that can be used in various identity theft schemes. Furthermore, Briansclub offers verification services like its 0Checker and LuxChecker products which verify credit card numbers’ validity.

Requiring CVV2 codes on every transaction is an effective way for merchants to prevent criminal fraud; however, this does not eliminate friendly fraud, in which an unauthorized transaction is performed using a card held by someone known. Even with an active CVV2 code in place, friends and family could potentially still purchase items online for themselves or use their card at stores to fraudulently gain cash back.

Overall, Briansclub shows us that cybercrime remains alive and kicking in our digital era, regardless of how large and well-staffed an organization may be. Despite law enforcement crackdowns, its underground carding marketplace has survived for years and thrives to this day – even taking direct aim at Krebs on Security by using my name and likeness in its storefront and claiming copyright of content published here.

Briansclub information has been passed along to various financial institutions that monitor, identify, monitor and reissue compromised cards when they appear for sale on criminal forums. This intel helps alert bank staff of exposed customer card data which in turn prompts them to reach out and cancel compromised cards from sale at Briansclub. It is unclear exactly how many stolen card listings still remain valid; two sources who worked with me on this report estimated that up to 80% had expired since being listed there for sale.

Fullz Codes

Last month, KrebsOnSecurity was approached by an anonymous source who provided us with nearly 10 GB worth of files that contained stolen credit and debit card data from 26 million credit and debit cards stolen from hundreds — if not thousands — of hacked online and brick-and-mortar businesses over four years. That data appears to have come from BriansClub – an underground “carding” shop which has used this author’s name, likeness and reputation as part of its advertising since 2015 to sell stolen account information directly back onto criminals who use it make unauthorized purchases online or locally.

BriansClub appears to have been breached, with card data stolen including CVVs (three or four-digit security codes printed on the backs of credit and debit cards), full cards (containing names, addresses, zip codes and expiration dates of card holders), as well as CVV2 security codes associated with bank accounts of cardholders. Fullz data are highly desirable because it allows fraudsters to commit online purchases without alerting retailers or the victim’s credit-card company of suspicious purchases; criminals often create accounts using fake billing addresses as well as providing their CVV number; then use fullz data to make purchases.

Cybercrime can be a cruel game; thus a black market seller’s reputation is as significant as their offerings. For example, carding stores that have earned a good name among hacker communities by providing high-quality stolen data at competitive prices are likely to command premium pricing from other threat actors who fear incurring chargebacks and jeopardizing business finances as well as consumer trust.

Hard to say exactly, but an estimate indicates that more than 14 million card records still have future validity dates that could allow fraudsters to use them – according to Flashpoint’s estimates, this inventory alone could be worth around $414 million.

Expiration Dates

An illegal black market site offering stolen credit card data was compromised recently, leading to 26 million cards being removed from sale on that platform and impacting those using stolen information to commit fraud or identity theft.

BriansClub, named after cybersecurity journalist and author Brian Krebs, is one of the largest underground stores for purchasing stolen credit card data. Operating since 2015, its advertising features Krebs’ likeness as well as his name.

Gemini Advisory, which closely tracks black market activity for new information, noted that one batch of BriansClub cards consisted of 46 percent credit and 54 percent debit cards; most records had been added earlier; some even came online this year. Gemini Advisory estimates that these cards may remain active for some time yet and give criminals ample opportunity to use them when purchasing goods and services from vendors.

BriansClub provides criminals with more than just stolen credit card data; it also provides them with tools for exploiting it in various ways. Services like LuxChecker and 0check allow thieves to verify a card’s information by sending a text message directly to its account number, helping reduce risk that an unauthorzied purchase occurs using that particular card number. Although expensive, this service helps lower risk when purchasing items not authorized by cardholders.

cybercriminals can use BriansClub to gain access to card expiration dates. This gives them an idea of when their chance to steal it may come up; should its expiration be imminent, criminals could make fraudulent purchases using that card by calling customer service and verifying details not on the bill – such as date of birth or mother maiden name of cardholders. briansclub cm appears to have been compromised by a single attacker; it remains unknown whether this individual remains operating the store or has moved on. Their motivation may have been increasing profits of their operation; if that were indeed the case, however, then stolen cards may also change how criminals price their offerings in future.