B1ack's Stash, a dark-web carding marketplace active since at least 2023, released approximately 4.6 million stolen credit card records for free on May 18, 2026 (securityweek.com). leaksear.ch has indexed 4,162,208 entries from the dump, each containing full payment card details alongside cardholder contact information and source IP addresses (leaksear.ch metadata).
What happened
According to public reporting, the operators of B1ack's Stash published the trove as a punitive measure after suspending sellers who were caught reselling marketplace inventory on competing carding forums (securityweek.com, socradar.io). The release marks the third large free dump from the shop, following a roughly 1 million card giveaway in April 2024 and a roughly 4 million card release in February 2025 (cyberint.com, cybersecuritynews.com).
SOCRadar analysts who validated samples from the May 2026 dump estimated that around 4.3 million of the records remain usable, with the remainder either expired or duplicate entries (socradar.io). Approximately 70 percent of the affected cards were issued in the United States, with Canada, the United Kingdom, France and Malaysia rounding out the top five issuing countries (socradar.io). SOCRadar attributed the underlying data collection to "multiple skimming or phishing campaigns targeting English-speaking and high-purchasing-power markets," rather than to any single corporate breach.
What data was exposed
Each record in the leaksear.ch index combines payment-card data with cardholder contact information:
- Full primary account number (PAN), expiration month and year, and CVV2 verification code
- Cardholder name, billing street address, and issuing country
- Email address, phone number and source IP address captured at the time of the original compromise
The index holds 4,162,208 records after deduplication of the source file's 4,668,889 rows.
Why this matters
Unlike credential dumps that only enable account takeover, this dataset is directly usable for card-not-present fraud and synthetic-identity setup because each record bundles a payable card with the cardholder's matching billing identity. Affected cardholders should expect targeted phishing and smishing pivots that reference real billing addresses or recent transaction patterns, since attackers can cross-reference the leaked email and phone number with the card data to make outreach more convincing. Issuers face elevated chargeback exposure on cards that have not yet been reissued, and merchants serving the affected geographies (especially the US, Canada and UK) should expect higher fraud attempts against any account whose billing email or phone appears in the dump.
Check your exposure
Vetted researchers and incident-response teams can request access, or sign in if they already have it, to check this dataset. Searchable pivots for this leak include address, country, email, IP address, name, and phone.