In an instance of robbers getting robbed, a large underground store for buying stolen credit card data has been hacked. Cyber-security journalist Brian Kerbs has reported that data stored by BriansClub, a dubious website that shares his name, was stolen.
BriansClub hosted more than 26 million credit and debit card records pilfered from online and physical retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.
"Multiple people who reviewed the database shared by my source confirmed that the same credit card records also could be found in a more redacted form simply by searching the BriansClub Web site with a valid, properly-funded account," wrote Kerbs.
The cyber-security journalist complains that the fraud website has been piggybacking on the cybersecurity journalist’s online popularity to carry on their activities, even using his image in one of their ads.
Data accessed by Kerbs shows that the blackmarket website added just 1.7 million card records for sale, and added 2.89 million stolen cards in 2016, 4.9 million cards in 2017 and 9.2 million in 2018. The addition between January and August 2019 was roughly 7.6 million cards.
BriansClub holds approximately £325 million worth of stolen credit cards for sale, according to an analysis byNew York-based security intelligence firm Flashpoint.
"All of the card data stolen from BriansClub was shared with multiple sources who work closely with financial institutions to identify and monitor or reissue cards that show up for sale in the cybercrime underground," Kerbs wrote.
"There is no honour among thieves," noted Sam Curry, chief security officer at Cybereason.
"The asymmetry of cyber-conflict is undeniable, and while cybercriminals and nation state attackers probe for holes at their leisure, it’s important to remember that the tables can be turned. Predator can become prey when they are successful enough," he said.