Deep is a part of the internet that search engines don’t crawl. It means that a user can’t access or find something from the Deep web with a Google, Yahoo, or Bing search.
Software tools like Tor are used to access the Deep web.
The Deep web is the place for cybercriminals who conduct business and carry out all of their illegal activities in the shadows. You must have heard bad stories about the Deep web. Unfortunately, many of them are true.
One of these bad stories is carding i.e., selling stolen credit card data on the Deep web. For that, Brians club is one of the largest Deep web forums for trading stolen credit card data and identity theft.
In this blog, we will discuss;
- What is Brians club?
- How does Brians club operate?
- How does Brians club impact cybersecurity?
- Ethical Implication of Identity theft and cybercrime
- Brians club comparison with other Deep web marketplaces
What is Brians club?
Brians club is a Deep web forum for trading stolen credit card information and identity theft. It provides cybercriminals a safe place to conduct business and get paid anonymously.
The forum was accessible via Tor only but now, they have open entries on the surface web too. Such entry points to the Deep web are called ‘mirrors’ where you don’t see the real thing but a reflection.
Brians club started in 2015. The website remained hidden till a 2019 data breach exposed its massive scale of operations.
The breach showed that the website had over 26 million stolen credit card data.
There is another interesting fact about Brians club; its name. The name has nothing to do with the real people behind Brians club; its name actually attempts to mock an investigative journalist ‘Brians Kerbs’ who exposes cybercrime and cybercriminals.
Brian Kerbs also extensively worked on Jokers Stash, which is another Deep web carding marketplace.
How Brians club Operates!
Let’s briefly discuss how Brians club operates.
Brians club’s Business Model
Evidence shows that Brians club operates with a strong business model at its core. The website started in 2015, cracked down in 2019, resurfaced in a few months, and grew over time. All that can’t happen without a functioning business model.
Brians club obtains data through data breaches, hacks, skimming frauds, and phishing frauds. It lets cybercriminals sell such data in ‘packages’. To ensure anonymity, all payments need to be made using cryptocurrencies including Bitcoin, Litecoin, and Monero.
Brians club lets buyers rate every seller and every transaction. Its business model is similar to that of any other marketplace, like Fiverr or Amazon.
Brians club User Interface
Brians club has a very simple and easy-to-use interface. Anyone can navigate the website and perform the action they need to perform. All they need is an email address and a cryptocurrency wallet.
Brians club Revenue
Estimates show that Brians club made about $126 million from 2015 to 2019, and sold around 9.1 million credit cards.
Currently, the price range for each information package of stolen credit cards is $30-200 depending on the card issuer and the victim’s financial health.
Brians club Impact on Cybersecurity
Brians club has a significant impact on cybersecurity. We know that the forum had over 26 million credit cards which was about a third of all the stolen credit cards in the USA at that time. The total losses to businesses and people are estimated to be in billions.
Notable Breaches Linked to Brians club
These data breaches and the related data were eventually traced back to Brians club.
Hy-Vee Supermarket Chain 2019: The store lost valuable customer data in this breach. The stolen data was later found for sale on Brians club.
Sonic Drive-In 2017: A similar hacking attempt was responsible for Sonic Drive-In’s theft of millions of credit card records.
Wawa 2019: Wawa lost customers’ data in 2019. The data was later traded on Brians club.
Other notable hacking incidents include Buca di Beppo (2019) and Dick’s Sporting Goods (2019) data breach.
Law enforcement agencies around the globe especially in the USA are trying hard to shut down Brians club but it is like Hydra or Tiamat. It keeps resurfacing and has never been shut down completely even once.
Comparison with Other Deep Web Carding Sites
Briansclub is not the only player in the carding niche. Here are some other big players wreaking havoc on businesses and individuals.
Comparison Table: Brians club vs other Deep Web Carding Sites
| Feature | Brians club | Joker’s Stash | UniCC | Ferum Shop | ValidCC |
| Year Established | 2018 | 2014 | 2013 | 2015 | 2016 |
| Stolen Records | 26 million+ | 40 million+ | 20 million+ | 15 million+ | 10 million+ |
| Revenue | Billions | Billions | Hundreds of millions | Hundreds of millions | Tens of millions |
| User Interface | User-friendly | Complex | User-friendly | Basic | User-friendly |
| Law Enforcement | High scrutiny | High scrutiny | Moderate scrutiny | Low scrutiny | Moderate scrutiny |
Future of Deep Web Marketplaces
We know that Deep web marketplaces are here to stay as long as the World Wide Web lasts.
Deep web marketplaces have started adopting cryptocurrencies, enhancing anonymity, and decentralizing operations. This has increased Deep web marketplaces’ resilience.
Machine learning and AI are being used to improve the efficiency of such marketplaces. They are getting better at spotting valuable buyers/sellers for them.
We are afraid that Brians club and similar websites will continue to grow, given their progressive adoption of the latest technological advancements.
Conclusion
Brians club has been around since 2015. The Deep web marketplace has survived crackdowns and remained active almost all the time.
Brians club has a large cybercrime ecosystem with a positive feedback loop where it keeps getting stolen credit card data and fresh customers to buy that data.
Two very effective ways to discourage or shut down carding websites like Brians club are to intensify anti-cybercrime efforts and educate people on protecting their data.
Frequently Asked Questions
1. What is Brians club?
Brians club was a high-profile Deep web marketplace where cybercriminals bought and sold stolen credit card information, including CVVs and Fullz. It became infamous for trafficking millions of compromised accounts globally.
2. Why is Brians club considered notorious?
Brians club gained notoriety due to:
- The sheer volume of stolen data (26+ million cards)
- Its professional, user-friendly interface
- Its direct role in enabling global credit card fraud
3. What type of data was sold on Brians club?
- CVVs (credit card numbers, expiry dates, security codes)
- Track 1/2 data for card cloning
- Fullz (full identity profiles including SSN, DOB, address, etc.)
4. How did Brians club acquire the stolen data?
The data was supplied by criminal partners using:
- Point-of-sale (POS) malware
- ATM and gas pump skimmers
- Phishing attacks
- Data breaches at banks and retailers
5. How did users access Brians club?
Access was via the Tor network (part of the Deep web), where users could register anonymously, fund their accounts with cryptocurrency, and browse stolen data like items in an online store.
6. How did Brians club make money?
The site profited by:
- Charging for each card or data set
- Taking commissions from sellers
- Offering bulk sales, premium packages, and loyalty pricing
7. What was the impact of the 2019 data breach of Brians club?
In 2019, over 26 million stolen card records were leaked and shared with financial institutions, helping to prevent further fraud. It was one of the biggest blows to the carding economy at the time.
8. Who exposed Brians club to the public?
Cybersecurity journalist Brian Krebs was instrumental in exposing Brians club and helping authorities understand its scope—ironically, the site was named after him in an attempt to taunt or discredit his work.
9. Is Brians club still active today?
The original site was disrupted following the 2019 leak and increased law enforcement attention, but similar clones and spin-offs have emerged, continuing the cycle of underground credit card trafficking.
10. What can be done to stop platforms like Brians club?
- International law enforcement cooperation
- Tighter regulation of cryptocurrency transactions
- Improved cybersecurity standards for merchants and banks
- Public education on identity protection and phishing prevention