B1ack’s Stash Dumps 4.6 Million Stolen Credit Card Records
Dark web carding marketplace B1ack’s Stash released about 4.6 million stolen credit card records for free after accusing some sellers of reselling data purchased on its platform through rival shops. The forum said it removed roughly 8 million CVV2 records from active inventory and moved 4.6 million into its freebies section, while allowing some trusted sellers to seek reinstatement through support channels. Reporting cited by SC Media and analysis from SOCRadar indicate the exposed dataset is largely authentic, with about 4.3 million records assessed as fresh after excluding duplicates, expired cards, and previously known entries.
The leaked records reportedly include full payment card data along with extensive personally identifiable information, including names, billing addresses, email addresses, phone numbers, and IP addresses. Researchers said the breadth of the data suggests collection through e-skimming or phishing, and warned of immediate risks including card-not-present fraud, identity theft, targeted phishing, and credential abuse. Most affected cards are tied to the United States, with significant exposure also reported in Canada, the United Kingdom, France, and Malaysia, underscoring the international scope of the breach and B1ack’s Stash’s continued use of free data dumps to build notoriety in the cybercrime market.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Researchers assess dump as largely fresh and likely sourced via e-skimming or phishing
SOCRadar assessed the released dataset as consistent with genuine compromise data and estimated roughly 4.3 million records were net new after removing duplicates, expired cards, and previously known entries. Researchers said the breadth of card and personal data suggested collection through e-skimming or phishing, raising risks of fraud, identity theft, and targeted phishing.
B1ack’s Stash releases 4.6 million stolen card records for free
The carding marketplace announced the free release of about 4.6 million stolen credit card records in its Freebies section, reportedly as punishment for rule-breaking sellers. The exposed dataset included payment card details and extensive PII, with most records tied to the U.S. and additional impact in Canada, the U.K., France, and Malaysia.
B1ack’s Stash suspends 8 million CVV2 records over reseller dispute
After accusing some sellers of reselling cards purchased from its platform on competing shops, B1ack’s Stash said it suspended roughly 8 million CVV2 records from active inventory and allowed some trusted sellers to seek reinstatement through support.
B1ack’s Stash reportedly gave away 4 million stolen cards
B1ack’s Stash previously released about 4 million stolen payment card records for free in a similar incident, indicating an established tactic of using large dumps to build notoriety and marketplace credibility.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Underground Listings Promote Massive Stolen Payment Card Dumps
Dark-web monitoring reported new underground listings advertising an alleged **80 million** payment card dump, including claims of CVV/expiration data and download access, with indicators it may be an aggregated collection rather than a single fresh breach (often combining previously leaked data, stealer logs, and other illicit sources). The same monitoring roundup also mentioned separate, unverified listings claiming access or data tied to **Suno**, **ASUS**, and **Air France**, but the payment-card dump was presented as a distinct offering within that weekly set of listings. Separate threat research described the broader **carding-as-a-service (CaaS)** ecosystem in which “dump shops” and marketplaces package stolen card data (e.g., CVVs, magnetic-stripe “dumps,” and identity-rich “fullz”) alongside tooling and support, enabling fraud at scale. The research highlighted that despite takedowns, major marketplaces continue to operate and shape criminal demand, providing context for how large card-dump listings are monetized and why organizations should expect continued availability and reuse of stolen payment data across multiple criminal venues.
Mar 21, 2026
Carding Mafia Forum Breached Twice, Exposing Nearly 600,000 Criminal Marketplace Accounts
The cybercrime forum **Carding Mafia**, which was used for the theft and trading of stolen credit cards, suffered two separate data breaches in 2021 that together exposed records tied to nearly **600,000 member accounts**. One breach in **March 2021** affected nearly 300,000 members, while a second breach in **December 2021** exposed more than 300,000 more, showing repeated compromise of the same criminal platform within nine months. Across the two incidents, the leaked data included **email addresses, usernames, IP addresses, and passwords hashed with salted `MD5`**. Both breaches were classified as **sensitive** and were not made publicly searchable by Have I Been Pwned, but the disclosures highlight that even illicit forums can become sources of credential exposure, infrastructure intelligence, and attribution data for defenders and investigators.
Mar 27, 2026
Jerry’s Store Exposed 345,000 Stolen Credit Cards via AI-Coded Dashboard
Jerry’s Store, a carding marketplace used to verify stolen payment cards, exposed roughly **345,000** credit card records after a misconfigured server left an unauthenticated web directory publicly accessible. Reporting indicates the operators used the AI-assisted coding tool **Cursor** to build a statistics dashboard, but the generated implementation exposed logs, development details, and sensitive cardholder data instead of restricting access. The leaked records included card numbers, expiration dates, `CVV` values, names, and addresses; about **145,000** cards were marked valid and nearly **200,000** invalid, with the valid inventory alone estimated to be worth **$1 million to $2.6 million** on dark-web markets. The exposed infrastructure also revealed how the marketplace tested stolen cards through small, low-risk transactions at legitimate merchants including **Amazon, Temu, Lyft, Grubhub, Sam’s Club, Elf Cosmetics, and CountryMax**. Researchers said Jerry’s Store launched in late 2023, primarily targeted victims in the US and EU, and may be run by a Chinese-speaking administrator using infrastructure hosted in Germany, possibly through a bulletproof hosting provider. The server was reportedly discovered on April 16, and the leak offered an unusual view into both the marketplace’s stolen-card inventory and its operational methods.
May 2, 2026