article featured image


A database that contains nicknames, hashed passwords, contact details, and activity history of Swarmshop admins, sellers, and buyers was leaked exposing more than 600,000 payment card numbers and nearly 70,000 sets of US Social Security numbers and Canadian Social Insurance numbers, according to Group-IB researchers.

A carding forum represents a digital space where stolen credit card information is shared and methods on how to steal card information are discussed.

Swarmshop is a quite new carding forum, operating since April 2019 and having so far more than 12,000 users.

Swarmshop Leak


Specific details about the hack are still unknown but it looks like the leak is leaving exposed 12,344 records containing nicknames, hashed passwords, contact details, activity history of Swarmshop administrators, sellers, and buyers.

Heimdal Official Logo
Your perimeter network is vulnerable to sophisticated attacks.

Heimdal® Network DNS Security

Is the next-generation network protection and response solution that will keep your systems safe.
  • No need to deploy it on your endpoints;
  • Protects any entry point into the organization, including BYODs;
  • Stops even hidden threats using AI and your network traffic log;
  • Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

The Swarmshop leak includes details from 623,036 payment cards issued by banks in the U.S., Canada, U.K., China, Singapore, France, Brazil, Saudi Arabia, and Mexico and also 498 sets of online banking account credentials and 69,592 sets of US Social Security Numbers and Canadian Social Insurance Numbers.

The attackers that breached Swarmshop did not offer any information regarding the hack and they just leaked a message with a link to the database.

In total, the databased revealed the records of 4 cardshop admins, 90 sellers, and 12,250 buyers of stolen data, including their nicknames, hashed passwords, account balance, and contact details for some entries.


The card shop administrators initially stated that breached data came from a previous breach in January 2020; at that time a hacker tried to sell the forum’s user database and the members were asked to change their passwords in order to protect their account.

While underground forums get hacked from time to time, cardhsop breaches do not happen very often. In addition, to buyers’ and sellers’ data, such breaches expose massive amounts of compromised payment and personal information of regular users. Although the source remains unknown, it must be one of those revenge hacks cases. This is a major reputation hit for the card shop as all the sellers lost their goods and personal data. The shop is unlikely to restore its status.


According to the analysis on the most recent user activity timestamps ran by Group-IB the latest data dump was new.

Author Profile

Dora Tudor

Cyber Security Enthusiast

linkedin icon

Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *