← All articles

B1ack's Stash dark-web carding marketplace dumps 4.6 million credit-card records for free as 'punishment' for seller misconduct

B1ack's Stash, a dark-web carding marketplace operating since at least 2023, has released roughly 4.6 million stolen credit-card records as a free download. The market frames the dump as punishment for sellers caught reselling its data on rival platforms; SOCRadar says the marketplace also suspended about 8 million additional CVV2 records. The records include full PAN, CVV2, expiration date, billing address, full name, email, phone number, and IP address, which makes them directly usable for card-not-present fraud and account-opening fraud. This is the third free dump B1ack's Stash has used as a customer-acquisition tactic since its 2024 emergence.

Check
Run BIN lookups across the leaked card ranges (via SOCRadar or Recorded Future feeds your IR partner provides) for your issued cards. Increase card-not-present fraud monitoring for 30-60 days.
Affected
Roughly 4.6 million cardholders in the dump - mostly US, Canada, UK, Australia, Puerto Rico per historical B1ack's Stash regional distribution. Direct fraud-of-card risk for all holders.
Fix
For impacted issuers: pre-emptive reissue of cards seen in the dump. For consumers: monitor card statements, enable transaction notifications, and freeze cards if anomalous transactions appear. Phishing risk also elevated.