In a bold marketing move, emerging dark web marketplace B1ack's Stash released over 1 million stolen credit and debit card records on February 19, 2025, making the sensitive financial data freely available on underground forums.
The massive data dump contains 1,018,014 unique cards, including nearly 200,000 cards issued by European banks. The leaked information extends far beyond basic card details, exposing cardholders' full names, addresses, birth dates, phone numbers, email addresses, and even IP data from compromised transactions.
Security researchers at D3Lab analyzing the dataset believe the cards were stolen through web skimming attacks, where malicious code injected into payment pages captures card data during online purchases. The presence of IP addresses and browser details in the leak supports this assessment.
B1ack's Stash, which launched in April 2024, has quickly risen to prominence in underground circles by repeatedly releasing large caches of stolen cards for free. This latest leak follows their established pattern of using mass data giveaways to attract new users to their platform, similar to tactics previously employed by other illicit marketplaces like BidenCash.
The platform operates as a full-service criminal enterprise, offering stolen cards sorted by issuing bank and country, magnetic stripe data for creating counterfeit cards, and complete identity packages known as "Fullz." They even provide refund policies and guarantees to their criminal clientele.
While some exposed cards may already be canceled, the leaked personal information creates lasting risks for identity theft, targeted phishing scams, and account takeover attempts. Criminals can leverage the detailed personal data to craft convincing fraud schemes or attempt to access victims' other online accounts.
The incident highlights the ongoing threat of web skimming to online retailers and their customers, as attackers continue harvesting payment data through compromised e-commerce sites rather than directly breaching financial institutions.