CARDING site B1ack’s Stash has released 4.6 million stolen credit and debit card records for free, not due to a law enforcement action but as a disciplinary measure after sellers on its marketplace were found reselling data on competing platforms. Each record is reported to include full PAN, expiry, CVV2, cardholder name, billing address, email, phone and IP address, according to SOCRadar’s analysis.
After the purge, about 4.3 million records are described as fresh and potentially usable, with the United States accounting for around 70 percent of the cards, and the UK, Canada, France and Malaysia among the other top source countries. The dump follows a pattern of B1ack’s Stash using free releases as marketing; similar actions occurred in April 2024 and February 2025 when the group released large numbers of cards.
The operation’s reach is global, with data suggesting skimming or phishing campaigns targeting English-speaking and high-purchasing-power markets, and the report notes the potential for fraud beyond card-not-present use.