B1ack's Stash dark-web carding marketplace dumps 4.6 million credit-card records for free as 'punishment' for seller misconduct
B1ack's Stash, a dark-web carding marketplace operating since at least 2023, has released roughly 4.6 million stolen credit-card records as a free download. The market frames the dump as punishment for sellers caught reselling its data on rival platforms; SOCRadar says the marketplace also suspended about 8 million additional CVV2 records. The records include full PAN, CVV2, expiration date, billing address, full name, email, phone number, and IP address, which makes them directly usable for card-not-present fraud and account-opening fraud. This is the third free dump B1ack's Stash has used as a customer-acquisition tactic since its 2024 emergence.
- Check
- Run BIN lookups across the leaked card ranges (via SOCRadar or Recorded Future feeds your IR partner provides) for your issued cards. Increase card-not-present fraud monitoring for 30-60 days.
- Affected
- Roughly 4.6 million cardholders in the dump - mostly US, Canada, UK, Australia, Puerto Rico per historical B1ack's Stash regional distribution. Direct fraud-of-card risk for all holders.
- Fix
- For impacted issuers: pre-emptive reissue of cards seen in the dump. For consumers: monitor card statements, enable transaction notifications, and freeze cards if anomalous transactions appear. Phishing risk also elevated.