In a significant escalation of illicit activities, B1ack’s Stash, a notorious dark web carding marketplace, has announced plans to release an additional 4 million stolen credit card records for free.
This move is part of a broader strategy to attract cybercriminals and establish credibility within the underground economy.
The marketplace first gained attention in April 2024 by releasing 1 million stolen payment card details, a tactic commonly used by similar platforms like the now-defunct Joker’s Stash.
.png
)
Background and Operations
B1ack’s Stash emerged in April 2024 and quickly became known for distributing stolen credit and debit card information.
Despite comparisons to Joker’s Stash, one of the largest and most infamous carding marketplaces that operated from 2014 to 2021, B1ack’s Stash is believed to operate independently.
It has been actively promoting itself across various dark web forums, including XSS, Exploit, Verified, Club2CRD, WWH Club, and ASCarding.
Additionally, it maintains a popular Telegram channel with over 2,700 subscribers, where it occasionally posts advertisements for selling credit card data in both English and Russian.
The recent data dump, announced on February 19, 2025, includes sensitive information such as Primary Account Numbers (PANs), expiration dates, CVV2 codes, cardholders’ personal details, email addresses, IP addresses, and User-Agent strings.
According to DarkOwl, this comprehensive data release poses significant risks, including financial fraud and identity theft, as it enables cybercriminals to commit fraud, resell stolen credentials, and facilitate identity theft.
Impact and Reactions
The release of such extensive data highlights the persistent threat posed by dark web marketplaces like B1ack’s Stash.
While some users have questioned the legitimacy of the marketplace, others have acknowledged it as a “legitimate” fraud site.
The mixed reactions from the dark web community reflect both skepticism and acceptance of B1ack’s Stash’s operations.
The marketplace’s ability to attract attention and build a presence across multiple platforms underscores the evolving nature of cybercrime and the need for enhanced cybersecurity measures.
In response to these threats, organizations must proactively monitor for compromised credentials, implement robust fraud detection systems, and educate users about the risks associated with stolen payment information.
Collaboration between law enforcement, financial institutions, and cybersecurity professionals is crucial to anticipate and counter emerging threats in underground marketplaces like B1ack’s Stash.
Are you from SOC/DFIR Teams? – Analyse Malware, Phishing Incidents & get live Access with ANY.RUN -> Start Now for Free.
