B1ack’s Stash Marketplace Gives Away 4.6 Million Stolen Credit Cards
The dark web marketplace B1ack’s Stash has released 4. 6 million stolen credit card records for free download, allegedly as a response to seller misconduct involving unauthorized reselling of card data. The dataset includes full card details such as card numbers, expiration dates, CVV2 codes, cardholder names, billing addresses, email addresses, phone numbers, and IP addresses. Approximately 70% of the cards are from the US, with other significant portions from Canada, the UK, France, and Malaysia. The data is believed to originate from multiple e-skimming and phishing campaigns targeting global, high-purchasing-power markets. The release of this rich dataset increases risks beyond simple card fraud, including potential fraudulent account openings and phishing attacks. The marketplace has a history of similar releases, indicating ongoing risks to financial institutions and consumers. No patch or remediation applies as this is a data breach and leak rather than a software vulnerability.
AI Analysis
Technical Summary
B1ack’s Stash, a dark web carding marketplace active since at least 2023, publicly released 4.6 million stolen credit card records for free download. This release followed the suspension of 8 million stolen CVV2 records after sellers violated marketplace policies by reselling data on competing platforms. The leaked dataset contains comprehensive payment and personal information, validated in part by cybersecurity firm SOCRadar, and is sourced globally with a majority from the US. The data likely stems from multiple phishing and e-skimming operations. The release is expected to facilitate card-not-present fraud, fraudulent account creation, and phishing attacks. This event represents a significant compromise of payment card data but is not a software vulnerability and thus does not have a patch or fix.
Potential Impact
The impact includes increased risk of card-not-present fraud, fraudulent online purchases, identity theft, and phishing attacks due to the availability of full card details and associated personal information. The richness of the data allows attackers to perform more convincing social engineering and financial fraud. Approximately 4.3 million of the records are new and likely usable for illicit activities. The breach affects a global set of victims, predominantly in the US, but also in Canada, the UK, France, Malaysia, and other countries. There is no direct remediation for this data leak, and the threat persists as long as the data circulates in criminal communities.
Mitigation Recommendations
There is no patch or official fix available for this data leak as it involves stolen data released by a criminal marketplace. Organizations should monitor for fraudulent transactions and consider enhanced fraud detection measures. Affected individuals should be advised to monitor their financial statements and consider credit monitoring or freezes. Financial institutions and payment processors should continue to apply existing fraud prevention controls and collaborate with law enforcement. No direct remediation from the vendor or marketplace is possible.
B1ack’s Stash Marketplace Gives Away 4.6 Million Stolen Credit Cards
Description
The dark web marketplace B1ack’s Stash has released 4. 6 million stolen credit card records for free download, allegedly as a response to seller misconduct involving unauthorized reselling of card data. The dataset includes full card details such as card numbers, expiration dates, CVV2 codes, cardholder names, billing addresses, email addresses, phone numbers, and IP addresses. Approximately 70% of the cards are from the US, with other significant portions from Canada, the UK, France, and Malaysia. The data is believed to originate from multiple e-skimming and phishing campaigns targeting global, high-purchasing-power markets. The release of this rich dataset increases risks beyond simple card fraud, including potential fraudulent account openings and phishing attacks. The marketplace has a history of similar releases, indicating ongoing risks to financial institutions and consumers. No patch or remediation applies as this is a data breach and leak rather than a software vulnerability.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
B1ack’s Stash, a dark web carding marketplace active since at least 2023, publicly released 4.6 million stolen credit card records for free download. This release followed the suspension of 8 million stolen CVV2 records after sellers violated marketplace policies by reselling data on competing platforms. The leaked dataset contains comprehensive payment and personal information, validated in part by cybersecurity firm SOCRadar, and is sourced globally with a majority from the US. The data likely stems from multiple phishing and e-skimming operations. The release is expected to facilitate card-not-present fraud, fraudulent account creation, and phishing attacks. This event represents a significant compromise of payment card data but is not a software vulnerability and thus does not have a patch or fix.
Potential Impact
The impact includes increased risk of card-not-present fraud, fraudulent online purchases, identity theft, and phishing attacks due to the availability of full card details and associated personal information. The richness of the data allows attackers to perform more convincing social engineering and financial fraud. Approximately 4.3 million of the records are new and likely usable for illicit activities. The breach affects a global set of victims, predominantly in the US, but also in Canada, the UK, France, Malaysia, and other countries. There is no direct remediation for this data leak, and the threat persists as long as the data circulates in criminal communities.
Mitigation Recommendations
There is no patch or official fix available for this data leak as it involves stolen data released by a criminal marketplace. Organizations should monitor for fraudulent transactions and consider enhanced fraud detection measures. Affected individuals should be advised to monitor their financial statements and consider credit monitoring or freezes. Financial institutions and payment processors should continue to apply existing fraud prevention controls and collaborate with law enforcement. No direct remediation from the vendor or marketplace is possible.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/b1acks-stash-marketplace-gives-away-4-6-million-stolen-credit-cards/","fetched":true,"fetchedAt":"2026-05-19T12:06:37.968Z","wordCount":1034}
Threat ID: 6a0c524dec166c07b09c4541
Added to database: 5/19/2026, 12:06:37 PM
Last enriched: 5/19/2026, 12:06:45 PM
Last updated: 5/19/2026, 1:16:00 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.