In another case of the hunter becoming the hunted, personal data belonging to thousands of cybercriminals has been leaked online.
According to researchers at Singaporean cybersecurity firm, Group-IB, user information from the Swarmshop hacker forum, where users exchange stolen payment details, was stolen last month and circulated on other cybercrime forums.
Data leaked in the incident included more than 12,000 user records and information pertaining to buyers and sellers on the carding site.
Contact details, account history and hashed passwords were also leaked in the attack, Group-IB revealed.
“The database exposed all compromised data traded on the website,” Group-IB said in a statement.
This included 623,036 payment card records from customers using banks in a host of countries, including the UK, China, France, Brazil, Canada and the USA.
Hundreds of online banking account credentials were exposed in the leak, including more than 69,000 sets of US Social Security numbers and Canadian Social Insurance numbers.
What is Swarmshop?
Researchers at Group-IB described Swarmshop as a “mid-size” forum for stolen and personal payment records which has been operating for at least two years.
As of March 2021, the site boasted more then 12,000 users and featured over 600k ads for payment card records.
“The total amount deposited on all the account was at $18,145.73 by March 2021 – users of card shops do not store large amounts of money on their accounts and top up the balance to make payments if necessary,” Group-IB said.
Although researchers noted that the source of the Swarmshop breach remains “unclear”, exposed records show that two particular users attempted to inject malicious script in the contact information field to search for website vulnerabilities.
“It’s impossible to determine if the two events are connected to the breach,” the firm said.
Dmitry Volkov, CTO at Group-IB said the incident is a “major reputation hit for the card shop as all the sellers lost their goods and personal data.
“While underground forums get hacked from time to time, card shop breaches do not happen very often. In addition to buyers’ and sellers’ data, such breaches expose massive amounts of compromised payment and personal information of regular users,” he said.
Volkov suggested this incident could be a revenge hacking case, which isn’t out of the ordinary.
In January last year, Swarmshop fell victim to a successful cyber-attack that was also believed to have been a revenge attack.
- Who hacks the hackers? Dark web cybercrime forum taken down
- Coronavirus pandemic heralds boom time for ethical hackers
- Hackers use fake Clubhouse app to steal user credentials
This latest breach marks the third incident of its kind since the beginning of 2021. Last month, Russian dark web cybercrime forum, ‘Maza’,was also taken down by hackers, with personal information belonging to cybercriminals stolen and distributed online.
Users of the forum were met with an ominous messages in the wake of the attack, which said “your data has been leaked” and “this forum has been hacked”.
January this year also saw another cybercrime forum, Verified, taken down. The dark web forum was a popular go-to spot for Eastern European cybercriminals, according to researchers.
On this occasion, the attacker(s) claimed to have gained access to information on all of Verified’s registered users, including private messages, hashed passwords and posts on specific threads.
The attackers also transferred more than $150,000 worth of cryptocurrency from Verified’s wallet to their own.