Security researcher Brian Krebs posted that “BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone. All of the card data stolen from BriansClub was shared with multiple sources who work closely with financial institutions to identify and monitor or reissue cards that show up for sale in the cybercrime underground.
Commenting on this, Tim Mackey, Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center), said: “Whether you’re running a global enterprise, a startup, small business or a shop for stolen data, there are several truths in cybersecurity. First, the attackers define the rules of the attack and the best you can do is defend against their actions. Second, the only data ever taken is data available for the taking. When designing your data collection and storage procedures, it’s critical to look at all data operations through the lens of what would happen if there was absolutely nothing preventing your biggest competitor or worst enemy from downloading that data. Is all the data appropriately encrypted? Are all access attempts audited? Is modification controlled? For these questions, and many more, the next question becomes one of ‘How’ and it’s how you approach these questions and their answers which distinguishes a successful cybersecurity initiative from one likely to make the news for the wrong reasons.”