Data on 26 million compromised credit cards 'rescued' following hack of black market website BriansClub

BriansClub is estimated to have earned around $126m in bitcoin between 2015 and August 2019 by selling data on 9.1 million debit and credit cards

BriansClub, a black market site that trades stolen debit and credit card details, was recently hacked to reveal data on approximately 26 million payment cards.

The hack occurred in August, with the attackers turning over the data to the banking industry so they could be cancelled.

"With over 78 per cent of the illicit trade of stolen cards attributed to only a dozen 'dark web' markets, a breach of this magnitude will undoubtedly disturb the underground trade in the short term," Andrei Barysevich, co-founder and CEO of Gemini Advisory, told security journalist Brian Krebs, who discovered the breach.

A breach of this magnitude will undoubtedly disturb the underground trade in the short term

Gemini Advisory monitors numerous underground markets trading payment card data and tracks approximately 87 million card records.

According to KrebsonSecurity, the market operates at the BriansClub[.]at address and has been running for many years. The BriansClub's website also imitates Krebs' site and likeness.

An analysis of BriansClub's leaked data revealed that it uploaded details of about 1.7 million cards in 2015 and 2.9 million cards in 2016. The figures increased considerably in the last few years - information on 4.9 million compromised cards was uploaded in 2017 and 9.2 million in 2018. In the first eight months of 2019, nearly 7.6 million records were added to the site.

Most of the data being offered by BriansClub includes "dumps" (strings of zeros and ones) that can be easily encoded onto magnetic stripe cards, enabling thieves to purchase gift cards, electronics, and other items from stores and shops.

According to the security intelligence company Flashpoint, BriansClub holds nearly $414 million worth of stolen credit cards for sale, and earned about $126 million in Bitcoin between 2015 and August 2019 by selling data of 9.1 million cards.

The average cost incurred by the holder of a compromised credit card is estimated at $500 by US federal prosecutors. Based on that value, the sale of 9.1 million cards' data translates to nearly $2.27 billion in losses.

Hacks of many well-known firms and apps, including Capital One, Twitter, Sprint, and even NASA, has happened this year alone.

Perhaps, the most extensive hack in recent years was the 2017 breach of credit reference agency Equifax, which exposed the personal details of more than 145 million customers in the US, Canada and the UK.

An official US government report into the breach accused the company of failing to implement "adequate security" to protect its data.

In July this year, Equifax agreed to pay as much as $700 million in fines and compensation in a settlement with US regulators over the breach.