On February 19, 2025, the illicit carding marketplace B1ack's Stash released a dataset containing over 1 million stolen credit and debit cards on a dark web forum.
The free leak, reminiscent of previous tactics used by cybercriminal groups like BidenCash, is a marketing strategy designed to boost engagement on the platform by distributing stolen data en masse. This latest release follows previous multi-million card leaks by B1ack's Stash, reinforcing its status as a growing threat in the underground financial fraud ecosystem.
Giving away stolen credit cards
The leak was first announced on February 17, 2025, through a well-known deep web forum commonly used for sharing and selling stolen financial data. Initially, the post claimed that 4 million cards would be leaked, but the actual release contained 1,018,014 unique cards, split into six downloadable archives. Of these, 192,174 cards were issued by European financial institutions.
The dataset includes highly sensitive information, such as:
- Primary Account Number (PAN)
- Card expiration date and CVV2
- Cardholder's full name, address, date of birth, and phone number
- Associated email addresses
- IP addresses and User-Agent details used during the compromised transaction
This level of detail greatly increases the risk of financial fraud and identity theft, as cybercriminals can use the exposed information not only for unauthorized transactions but also for targeted phishing attacks.
An analysis of the leaked dataset by D3Lab suggests that the cards were compromised through web skimming — a method where malicious JavaScript code is injected into online payment pages to intercept credit card details in real time. The presence of IP addresses and User-Agent data further supports this hypothesis, as such details are typically captured when a web skimmer operates during a transaction.
Web skimming remains one of the most prevalent and dangerous threats to online retailers, allowing cybercriminals to harvest payment data without directly breaching bank databases. This method has been widely exploited in previous high-profile breaches, including attacks on e-commerce platforms and major retail chains.
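One way a retailer can watch for the script injection described above, shown as an added example that is not from D3Lab or the original article: a Node.js audit of a checkout page's script tags against an approved inventory. The shop and provider URLs, the policy object and the sample HTML are all constructed, and the regex-based tag matching stands in for a real HTML parser.

```javascript
// Added example: audit the <script> tags of a checkout page against an approved inventory.
// Every URL, name and HTML snippet below is constructed for illustration.
function parseAttrs(attrText) {
  const attrs = {};
  const re = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = re.exec(attrText)) !== null) attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  return attrs;
}

function auditCheckoutScripts(html, pageUrl, policy) {
  const findings = [];
  const pageOrigin = new URL(pageUrl).origin;
  // Simplification: a production audit would walk the rendered DOM, not regex-match markup.
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    if ('src' in attrs) {
      const url = new URL(attrs.src, pageUrl); // resolves relative paths against the page
      if (!policy.allowedOrigins.includes(url.origin)) {
        findings.push({ issue: 'unapproved-origin', script: url.href });
      } else if (url.origin !== pageOrigin && !attrs.integrity) {
        // Approved third party, but nothing pins the file content (no Subresource Integrity hash).
        findings.push({ issue: 'missing-sri', script: url.href });
      }
    } else if (!policy.approvedInline.includes(m[2].trim())) {
      findings.push({ issue: 'unapproved-inline', script: m[2].trim().slice(0, 60) });
    }
  }
  return findings;
}

const POLICY = {
  allowedOrigins: ['https://shop.example', 'https://pay.psp.example'],
  approvedInline: ['initCheckout();'],
};

const SAMPLE_HTML = `
<form id="pay"><input name="cc-number"></form>
<script src="/static/checkout.js"></script>
<script src="https://pay.psp.example/v3/sdk.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="https://pay.psp.example/v3/fraud.js"></script>
<script src="https://cdn.analytics-metrics.example/t.js"></script>
<script>initCheckout();</script>
<script>trackPromo("spring");</script>`;

console.log(auditCheckoutScripts(SAMPLE_HTML, 'https://shop.example/checkout', POLICY));
```

Run on a schedule against the live payment page, a new finding signals that the page's script set has changed and needs review.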
The growing B1ack's Stash threat
B1ack's Stash is an emerging dark web marketplace specializing in stolen payment card data. It first appeared on April 30, 2024, and quickly gained notoriety by leaking 1 million stolen credit cards for free. The platform has since released multiple large-scale dumps, including many that were given away to registered members for free.
Unlike traditional underground carding sites that sell small batches of stolen cards, B1ack's Stash leverages free mass leaks as a promotional tool — a strategy similar to the BidenCash marketplace, which previously leaked millions of stolen cards to attract new users.
The marketplace allows criminals to purchase stolen credit and debit cards categorized by issuing bank and country, access magnetic stripe dumps for creating physical card clones, and obtain “Fullz” data, which includes complete personal details necessary for identity fraud. Additionally, the platform offers refund policies and guarantees, further legitimizing its operation within the cybercriminal community.
While some of the leaked credit cards may be expired or previously canceled, the exposure of personal details still poses a significant security risk. Cybercriminals can use this information for:
- Identity Theft – Using stolen personal data to apply for loans, open fraudulent accounts, or commit tax fraud.
- Phishing and Social Engineering – Scammers can craft convincing phishing emails or phone scams using leaked data.
- Credential Stuffing Attacks – If victims reuse passwords across multiple services, attackers may gain access to additional accounts.