Thousands of cyber-criminals have had their personal data leaked online after a popular carding forum was hacked, according to Group-IB.
The Singapore-based security firm said it discovered that data belonging to users of the Swarmshop site was leaked to another underground forum on March 17.
“The database was posted on a different underground forum and contained 12,344 records of the card shop admins, sellers and buyers including their nicknames, hashed passwords, contact details, history of activity and current balance,” explained Group-IB.
“In addition to user data, the database exposed all compromised data traded on the website, including 623,036 payment card records issued by the banks from the US, Canada, the UK, China, Singapore, France, Brazil, Saudi Arabia, Mexico; 498 sets of online banking account credentials; and 69,592 sets of US Social Security Numbers and Canadian Social Insurance Numbers.”
With over 12,000 users and more than 600,000 payment card records up for sale, Swarmshop is a mid-sized site for buyers and sellers of stolen card data.
This is the second time in just over a year that it has been the subject of a successful cyber-attack.
In January 2020, the site’s records were leaked on another underground site by what Group-IB claimed was likely to be a vengeful user.
It’s unclear whether the two incidents were connected in some way . In total, four site admins, 90 sellers, and 12,250 buyers had their details exposed in the most recent attack.
Dmitry Volkov, Group-IB CTO, argued that such incidents are rare and on this occasion, revenge was probably once again the motive.
“This is a major reputation hit for the card shop as all the sellers lost their goods and personal data. The shop is unlikely to restore its status,” he claimed.