600,000 Stolen Credit Cards Leaked Following the Swarmshop Hack
The Data Leak Seems To Be Containing Records of the Entire Swarmshop Community and All the Stolen Card Data Traded on the Forum.
A database that contains nicknames, hashed passwords, contact details, and activity history of Swarmshop admins, sellers, and buyers was leaked exposing more than 600,000 payment card numbers and nearly 70,000 sets of US Social Security numbers and Canadian Social Insurance numbers, according to Group-IB researchers.
A carding forum represents a digital space where stolen credit card information is shared and methods on how to steal card information are discussed.
Swarmshop is a quite new carding forum, operating since April 2019 and having so far more than 12,000 users.
Specific details about the hack are still unknown but it looks like the leak is leaving exposed 12,344 records containing nicknames, hashed passwords, contact details, activity history of Swarmshop administrators, sellers, and buyers.
Heimdal™ Threat Prevention - Network
- No need to deploy it on your endpoints;
- Protects any entry point into the organization, including BYODs;
- Stops even hidden threats using AI and your network traffic log;
- Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
The Swarmshop leak includes details from 623,036 payment cards issued by banks in the U.S., Canada, U.K., China, Singapore, France, Brazil, Saudi Arabia, and Mexico and also 498 sets of online banking account credentials and 69,592 sets of US Social Security Numbers and Canadian Social Insurance Numbers.
The attackers that breached Swarmshop did not offer any information regarding the hack and they just leaked a message with a link to the database.
In total, the databased revealed the records of 4 cardshop admins, 90 sellers, and 12,250 buyers of stolen data, including their nicknames, hashed passwords, account balance, and contact details for some entries.
The card shop administrators initially stated that breached data came from a previous breach in January 2020; at that time a hacker tried to sell the forum’s user database and the members were asked to change their passwords in order to protect their account.
While underground forums get hacked from time to time, cardhsop breaches do not happen very often. In addition, to buyers’ and sellers’ data, such breaches expose massive amounts of compromised payment and personal information of regular users. Although the source remains unknown, it must be one of those revenge hacks cases. This is a major reputation hit for the card shop as all the sellers lost their goods and personal data. The shop is unlikely to restore its status.
According to the analysis on the most recent user activity timestamps ran by Group-IB the latest data dump was new.