[BreachExchange] Over 600, 000 stolen credit cards leaked after Swarmshop hack

[Destry Winant]

https://www.bleepingcomputer.com/news/security/over-600-000-stolen-credit-cards-leaked-after-swarmshop-hack/

The hacking spree targeting underground marketplaces has claimed
another victim as a database from card shop Swarmshop emerged on
another forum.

By the looks of it, the leak contains the records of the entire
Swarmshop community along with all the stolen card data traded on the
forum.

Full data dump

Details about the hack remain unknown but the leak exposes 12,344
records with nicknames, hashed passwords, contact details, activity
history of Swarmshop administrators, sellers, and buyers.

Researchers at cybersecurity company Group-IB discovered that the leak
occurred on March 17, a day before Carding Mafia suffered a breach
that exposed email addresses of close to 300,000 members.

According to Group-IB, the Swarmshop dump includes details from
623,036 payment cards issued by banks in the U.S., Canada, U.K.,
China, Singapore, France, Brazil, Saudi Arabia, and Mexico.

The researchers also found “498 sets of online banking account
credentials and 69,592 sets of US Social Security Numbers and Canadian
Social Insurance Numbers.”

Whoever breached Swarmshop did not give any information about the hack
and just dropped a message with a link to the database.

Initially, the card shop administrators argued that the data was from
a previous breach in January 2020, when a hacker tried to sell the
forum’s user database. Members were asked to change their passwords,
though.

Group-IB analyzed the latest dump and determined that it was new,
based on the most recent user activity timestamps.

“In total, the databased revealed the records of 4 cardshop admins, 90
sellers, and 12,250 buyers of stolen data, including their nicknames,
hashed passwords, account balance, and contact details for some
entries” - Group-IB

Swarmshop is a relatively new carding forum operating since at least
April 2019. By March 2021, it attracted more than 12,000 users and had
data from over 600,000 payment cards on sale.

Not an isolated incident

March seems to have been a bad month for underground forums, Swarmshop
being the third one hacked in this timeframe.

At the beginning of the month, BleepingComputer reported that Maza (or
Mazafuka) - one of the oldest Russian-speaking hacker forums - had
been attacked and had its member data leaked.

Since the beginning of the year, other communities in the same
business had the same fate. The person tipping us about Maza also
shared screenshots of posts about attacks on Verified, Dread, and
Club2Crd.

On February 15, the Verified administration lost control of the site
to unknown operators who had exploited a vulnerability.

A day later, a super-moderator of Club2Crd announced that their
account had been hijacked to scam forum members and steal their money.

The same month, Dread was the target of multiple attacks, and the
administrator forced new security measures to prevent further
disruptions.

Dmitry Volkov, Group-IB CTO, says that card shop breaches are
uncommon. With Swarmshop, the assumption is that it was the target of
a revenge hack that caused all sellers to lose their goods and
personal data.