In one of the largest black market sites for the sale of credit card data, BriansClub, hackers stole the information for more than 26 million payment cards.
According to security blogger Brian Krebs, a source published a plain text file last month that purported to contain the whole database of cards offered for sale at BriansClub both currently and in the past.
That collection includes information that was obtained illegally from brick-and-mortar stores during the previous four years, including roughly 8 million uploaded so far this year.
According to Krebs, those who work for financial institutions that identify, monitor, or reissue compromised cards that appear for sale on criminal forums have access to the carder site data. According to Krebs, BriansClub mainly resells cards that have been stolen by affiliates or resellers who receive a portion of each sale (currently unknown).
As we've previously said in our coverage on credit card theft, "carding" is a catch-all phrase for a number of similar crimes, such as:
stealing card numbers via malware planted on point-of-sale systems in restaurants or retail establishments or skimming devices, which are frequently installed at petrol stations.
Purchase and sale of credit card numbers and linked personal data.
committing online fraud using card information obtained illegally, frequently to purchase goods for resale at a discount.
creating false cards that charge other people's accounts by encoding them with stolen info.
using phony cards to make ATM withdrawals in exchange for a portion of the money.
using phony credit cards to go on spending binges and purchase goods to resell at a loss.
According to Krebs, the majority of items offered for sale at BriansClub are data strings that can be encoded onto anything with a magnetic stripe the size of a credit card and used to conduct such fraudulent card-spending sprees.