NEW YORK — A major Dark Web marketplace for stolen payment card data has released approximately 4.6 million compromised credit and debit card records for free after accusing some of its own sellers of violating marketplace rules, according to cybersecurity firm SOCRadar.
SOCRadar said the marketplace, known as “B1ack’s Stash,” announced on an underground criminal forum that it had suspended roughly 8 million stolen CVV2 records from active inventory after discovering some sellers were allegedly reselling cards purchased through the platform in competing marketplaces.
Rather than simply removing the data, operators of the marketplace instead released approximately 4.6 million stolen records through the site’s “Freebies” section, according to SOCRadar’s analysis.
‘Second-Chance’ Offer
The cybersecurity firm said the forum post, written in both English and Russian, also offered certain sellers deemed trustworthy a “second chance” through a support-ticket process and hinted at the launch of a new card database.
SOCRadar said the leaked data follows a format commonly seen in carding databases and includes:
- Full 16-digit payment card numbers
- Expiration dates
- CVV2 security codes
- Cardholder names
- Billing addresses
- Email addresses
- Phone numbers
- IP addresses
The company said the breadth of personal and financial information suggests the data was likely harvested through e-commerce skimming campaigns or phishing operations.
U.S. Consumers Primary Victims
According to SOCRadar, U.S. consumers appear to be the primary victims, accounting for roughly 70% of the compromised records analyzed by the company’s Dark Web research team.
Canada and the United Kingdom followed at a “significant distance,” while France and Malaysia rounded out the top five countries represented in the data set, SOCRadar said.
The company said the presence of records tied to financial centers in Hong Kong, Singapore, Thailand and Malaysia indicates the information likely originated from multiple international skimming or phishing campaigns rather than a single operation.
SOCRadar noted that some lesser-known domains appearing in the data, including rhyta.com and dayrep.com, are associated with disposable or temporary email services.
B1ack’s Stash has operated since at least 2023 and has become one of the more prominent Dark Web marketplaces for buying and selling stolen payment card information, according to SOCRadar.
