BURSTDark web carding marketplace B1ack’s Stash has announced the release of 4 million stolen credit card details at no cost to cybercriminals.
This massive data leak, publicized on February 19, 2025, represents one of the largest freely distributed caches of financial data in recent history, posing significant risks for both financial institutions and cardholders worldwide.
The marketplace, which emerged on April 30, 2024, has rapidly established itself as a prominent player in the underground carding ecosystem.
B1ack’s Stash initially gained notoriety by releasing 1 million stolen payment card details for free last year, a strategy clearly designed to attract cybercriminals to its platform.
This latest release appears to follow the same pattern of using massive data dumps as both a marketing tactic and a means to establish credibility within cybercrime communities.
DarkOwl researchers identified that the leaked data encompasses a comprehensive array of sensitive information, including Primary Account Numbers (PANs), expiration dates, CVV2 codes, cardholder personal details, email addresses, IP addresses, and User-Agent strings.
This level of detail enables criminals to conduct various forms of financial fraud, identity theft, and credential reselling.
The marketplace operators have been actively promoting their services across prominent dark web forums, including XSS, Exploit, Verified, Club2CRD, WWH Club, and ASCarding since spring 2024.
Their promotional strategy has been aggressively multi-platform, including a Telegram channel that has attracted 2,755 subscribers.
.webp)
The extensive personal identifiable information exposed in their February 2025 data dump, including names, dates of birth, email addresses, credit card numbers, CVV codes, expiration dates, physical addresses, and IP information.
Distribution Methodology and Community Reaction
B1ack’s Stash employs a sophisticated distribution system for their stolen data. They segment their databases by geographical indicators and data composition.
For instance, one database named “0626__US_CA__UA__PHONE__IP__EMAIL” contained records from multiple countries including Australia, Canada, Great Britain, Jamaica, Puerto Rico, and the United States, with each record containing comprehensive financial and personal data.
Community reactions to B1ack’s Stash have been mixed across the dark web. Some users have questioned the legitimacy of the cards, with one Telegram user on ASCarding’s official channel reporting limited success with non-VBV cards from the marketplace.
Despite these concerns, Dark Web Informer, a cyber threat intelligence platform, acknowledged on February 17, 2025, that B1ack’s Stash is indeed a “legitimate” fraud site, confirming its status as a genuine threat rather than a scam operation.
The continuous leaks of sensitive financial data underscore the urgent need for enhanced cybersecurity measures, including proactive monitoring for compromised credentials, implementation of robust fraud detection systems, and improved user education about risks associated with stolen payment information.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
The post B1ack’s Stash MarketPlace Actors to Release 4 Million Stolen Credit Card Details for Free appeared first on Cyber Security News.