In an ironic twist of fate, BriansClub, a black market site that contains stolen credit cards, was hacked to rescue the data of more than 26 million credit and debit cards.
KrebsOnSecurity reports that the data stolen in August from the site, which goes by the name BriansClub[.]at was shared with financial institutions who were able to identify, monitor, and reissue cards that were compromised.
The card information was obtained by hacking online and brick-and-mortar retailers over four years. In 2019 alone, about 8 million records were uploaded to the site. Additional data obtained from the hack shows that BriansClub took 1.7 million cards in 2015, 2.9 million in 2016, 4.9 million in 2017, and 9.2 million in 2018. All in all, the security intelligence firm Flashpoint estimates that the site had approximately $414 million worth of stolen credit cards for sale.
Flashpoint said that the site sold a total of 9.1 million of these stolen credit cards, earning themselves $126 million in Bitcoin in the process. Fourteen million of the 26 million cards obtained by the hack may be still valid.
While most hacks negatively impact people and compromise personal information, hacks like this result in justice served.
Allison Nixon, the director of security research at Flashpoint, told Brian Krebs of KrebsOnSecurity, “When people talk about ‘hacking back,’ they’re talking about stuff like this. “As long as our government is hacking into all these foreign government resources, they should be hacking into these carding sites as well. There’s a lot of attention being paid to this data now and people are remediating and working on it.”
Still, hacking negatively impacts people more than anything. In 2019 alone, there have been quite a few large hacks of well-known companies and apps. These include Sprint, Words with Friends, NASA, Capital One, and even Twitter.
Perhaps the most serious hack in history was the Equifax breach of 2017. The data loss exposed the sensitive financial data of more than 145 million consumers in the U.S., and several million in the U.K. as well. Its effects also reverberated beyond the intrusion proper to impact U.S. consumers with records held by Equifax competitor TransUnion.