one of the biggest underground stores that sell stolen credit card data has been compromised by hackers. The information stolen from BriansClub comprises over 26 million debit and credit card data retrieved from hacked brick-and-mortar and online retailers in the last four years. That includes almost eight million records that were uploaded to the store in the year 2019 alone.brainsclub

The month before, KrebsOnSecurity was contacted by an individual who had sent a plain text file that contained what was said to be the entire catalog of cards that are available at present and in the past through BriansClubThe BriansClub. At, a flourishing fraudulent bazaar named in honor of this author. Imitating my website, appearance and name, BriansClub even boasts of an copyright and cites at the bottom of every webpage: "(c) 2019 Crabs on Security."

A number of people who looked over the database that I shared with my source verified that the exact credit card information were available in a less redacted version just by searching the BriansClub Website that has a valid, well-funded account.

The card information taken from BriansClub is shared various sources that work with financial institutions in order to find and track or reissue cards which are advertised on criminal underground.

The data leaked shows the year 2015 was when BriansClub had just 1.7 million card data records to sell. However, business would grow over the years following in 2016: BriansClub posted 2.89 millions of stolen card, while 2017 saw around 4.9 million cards added. 2018 saw 9.2 million .

From January to August of 2019 (when that database image was captured), BriansClub added roughly 7.6 million cards.

The majority of the items available at BriansClub is "dumps," strings of zeros and ones thatwhen encoded onto any object that has a magnetic stripe that's the size of the credit card could be utilized by thieves to purchase electronic devices, gift cards, and other expensive items from large box stores.

As is evident in this table (taken from federal hacking charges which involve stolen credit cards will , for sentencing purposes assign each stolen record in order to be a representation of the loss per cardholder who was compromised.

There's no simple method of determining which of BriansClub's approximately 26 million cards on sale at BriansClub remain in use, however the most accurate estimation of the number of un-sold cards with expiration dates to come in the future suggests that the more than 14 million might still be valid.

The archive also provides evidence that how the proprietor(s) of BriansClub often uploading new sets of stolen cards Some of them just a handful of thousands and some hundreds of thousands. brainsclub

This is because, like other card-based websites, BriansClub mostly resells cards that are stolen by cybercriminalscalled affiliates or resellers which earn a portion of every sale. It's unclear which percentage is split in this particular instance but it's possible that the details will be revealed during future analysis of the stolen

In a post titled "Your site has been compromised," BriansClub asked for a response from BriansClub through on the "Support Tickets" page on the website of the carding store and informing the operators that all the card information was transferred to the banks that issue cards.