According to new analysis by the SOCRadar threat intelligence team, B1ack’s Stash, one of the most active illicit card shops on the Dark Web, has announced the free release of approximately 4.6 million stolen credit card records, this time framing it as a response to seller misconduct on its own platform.
Through a forum post targeting the criminal underground, B1ack Stash recently declared the suspension of approximately 8 million stolen CVV2 records from its active inventory. The stated reason: sellers on the platform had been reselling cards purchased from B1ack’s Stash in competing shops, violating the marketplace’s internal rules. Rather than simply removing the affected cards, the operator/s behind the marketplace chose to release approximately 4.6 million of them as a free download, directing users to the marketplace’s Freebies section.
The leaked data, appearing to be sourced from e-commerce skimming or phishing operations, includes:
- Full credit/debit card numbers
- Expiration dates
- CVV2 code
- Cardholder’s full name
- Billing address
- Email address
- Phone number
- IP address
SOCRadar’s analysis found the records consistent with genuine compromise data, passing BIN and algorithm checks. After filtering duplicates, expired cards, and previously known entries, an estimated 4.3 million cards appear to be net new and potentially actionable. SOCRadar’s validation of the dataset is ongoing.
For full details on this leak, including geographical breakdown, and threat actor breakdown, the analysis can be read here: https://socradar.io/blog/b1acks-stash-4-6-million-stolen-credit-cards-free/
Related
This entry was posted on May 18, 2026 at 1:28 pm and is filed under Commentary with tags SOCRadar. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
B1ack’s Stash Releases 4.6 Million Stolen Credit Cards for Free
According to new analysis by the SOCRadar threat intelligence team, B1ack’s Stash, one of the most active illicit card shops on the Dark Web, has announced the free release of approximately 4.6 million stolen credit card records, this time framing it as a response to seller misconduct on its own platform.
Through a forum post targeting the criminal underground, B1ack Stash recently declared the suspension of approximately 8 million stolen CVV2 records from its active inventory. The stated reason: sellers on the platform had been reselling cards purchased from B1ack’s Stash in competing shops, violating the marketplace’s internal rules. Rather than simply removing the affected cards, the operator/s behind the marketplace chose to release approximately 4.6 million of them as a free download, directing users to the marketplace’s Freebies section.
The leaked data, appearing to be sourced from e-commerce skimming or phishing operations, includes:
SOCRadar’s analysis found the records consistent with genuine compromise data, passing BIN and algorithm checks. After filtering duplicates, expired cards, and previously known entries, an estimated 4.3 million cards appear to be net new and potentially actionable. SOCRadar’s validation of the dataset is ongoing.
For full details on this leak, including geographical breakdown, and threat actor breakdown, the analysis can be read here: https://socradar.io/blog/b1acks-stash-4-6-million-stolen-credit-cards-free/
Share this:
Like this:
Related
This entry was posted on May 18, 2026 at 1:28 pm and is filed under Commentary with tags SOCRadar. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.