B1ack’s Stash Marketplace Gives Away 4.6 Million Stolen Credit Cards

The notorious B1ack’s Stash dark web carding marketplace has announced the free download of 4.6 million stolen credit card records.

The data, it says, was dumped after sellers were caught taking card data purchased from B1ack’s Stash and reselling it on competing platforms, a violation of the marketplace’s policies.

B1ack’s Stash allegedly suspended 8 million stolen CVV2 records in response to the sellers’ misconduct, and decided to release the card data for free, instead of deleting it from its inventory.

According to SOCRadar, the released data includes full card numbers, expiration dates, CVV2 codes, cardholder names, billing addresses, email addresses, phone numbers, and IP addresses.

Based on the availability of full card details and payment data, the information was likely stolen as part of e-skimming or phishing operations, SOCRadar says.

The cybersecurity firm says it has validated the authenticity of some of the records. Analysis of the data showed that some of the cards had expired or were duplicate entries.

Overall, 4.3 million records appear to be new and likely usable for illicit activities, SOCRadar says.

The stolen credit cards are sourced worldwide, but approximately 70% of them are from the US. Canada, the UK, France, and Malaysia round out the top five.

“The presence of Asian financial hubs like Hong Kong, Singapore, Thailand, and Malaysia in the top 15 suggests the dataset is not solely the product of a single regional operation, but draws from multiple skimming or phishing campaigns targeting English-speaking and high-purchasing-power markets globally,” SOCRadar notes.

B1ack’s Stash has been operating on the dark web since at least 2023, becoming one of the most active shops for stolen credit card data.

In April 2024, the marketplace offered 1 million credit cards to anyone who registered. In February 2025, it released over 4 million stolen credit cards for free, likely to attract more users.

The newly dumped cards are expected to fuel card-not-present (CNP) fraud activities, such as illicit online purchases. The accompanying information may allow cybercriminals to open fraudulent accounts, apply for credit, or launch convincing phishing attacks.

“The richness of the leaked records – full PAN, CVV2, expiration date, billing address, full name, email, phone, and IP address in a single entry – creates compounding risks that go well beyond simple card fraud,” SOCRadar says.
