Introduction

On February 19, 2025, the illegal marketplace B1ack’s Stash released a massive collection of sensitive data containing over 1 million unique credit and debit cards. This free release follows the strategy previously used by BidenCash, where criminals distribute stolen data en masse to promote their marketplace.

The Leak Announcement

The announcement of the release was shared on February 17 on a well-known deep web forum, commonly used for selling and sharing data leaks. The post promised the release of 4 million free credit cards, with the actual upload of 6 archives containing 1,018,014 unique cards. Among these, 192,174 were issued by European financial institutions.

Screenshot of the announcement posted on the forum:

Analysis of the Released Data

The leaked data contains highly sensitive information, including:

• PAN (Primary Account Number) of the credit/debit card
• Expiration date and CVV2
• Cardholder’s personal details (Full Name, Address, Date of Birth, Phone Number)
• Associated email address
• IP address and User-Agent used during the compromised transaction

An example of a record (with sensitive data redacted):

4539********8255|05/2025|***|BIxxxI FEyyyCA||Bologna|BO|IT|3933*******|fb******@libero.it|03-04-1971|151.42.**.**|Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/102.0.5005.62

Source of the Data Leak: Web Skimming

The analysis indicates that the data was likely stolen using Web Skimming techniques. This method involves inserting malicious JavaScript code into compromised e-commerce payment pages, intercepting sensitive data entered by users in real-time.

The inclusion of User-Agent and IP address data supports the hypothesis that a web skimmer was used to steal the information.

Inside the B1ack’s Stash Marketplace

The B1ack’s Stash marketplace used this free release as a marketing strategy to attract new users. After the initial free drop, additional cards were made available for purchase, typically priced around $25 each.

Screenshots of the B1ack’s Stash marketplace:

Cards are categorized based on type (credit, debit, prepaid) and sorted by issuing country and bank. The dumps also include magnetic stripe data, allowing criminals to create physical card clones.

Risks and Implications

The public release of such detailed data significantly increases the risk of:

• Financial fraud: Direct use of stolen cards for online purchases.
• Identity theft: Personal data can be exploited for further illicit activities.
• Targeted phishing: Email addresses and phone numbers can be used for sophisticated phishing campaigns.

Recommendations

For financial institutions and end-users:

• Banks and issuers should implement enhanced monitoring on potentially compromised cards and promptly notify affected customers.
• Online merchants must ensure their payment systems are secure to prevent Web Skimmer intrusions.
• End-users should regularly check their bank statements and report any suspicious activity immediately.

Conclusion

This massive data breach highlights the critical need for proactive cybersecurity measures, particularly in securing online payment systems. Web Skimming remains one of the most prevalent threats to e-commerce platforms and credit card holders.