Records of the entire community at Swarmshop had leaked along with the stolen card data traded on the forum. An unknown user posted the card shop’s database on a hacker forum for free.
The leak contains nicknames, hashed passwords, contact details, activity history of administrators, sellers, and buyers of Swarmshop.
“In total, the databased revealed the records of 4 cardshop admins, 90 sellers, and 12,250 buyers of stolen data, including their nicknames, hashed passwords, account balance, and contact details for some entries,” said Group-IB.
Researchers at cybersecurity company Group-IB determined the leak took place on March 17. That is a day before Carding Mafia’s breach that leaked email addresses of close to 300,000 members.
Among the data exposed in the Swarmshop dump are details of 623,036 payment cards issued by banks in the U.S., Canada, U.K., China, France, Singapore, Mexico, Brazil, and Saudi Arabia. In addition, there are 498 pairs of online banking account credentials and 69,592 US Social Security Numbers and Canadian Social Insurance Numbers, according to Group-IB researchers.
The dumper did not write a word about the hack but simply dropped a link to the database:
Based on the most user activity timestamps, Group-IB confirmed that the leaked data is from a fresh breach.
Operating since at least April 2019, Swarmshop is a relatively new carding forum with more than 12,000 users and selling data from over 600,000 payment cards.
Swarmshop is the third card forum hacked in March.
On March 5, we reported Maza (or Mazafuka), one of the oldest Russian-speaking hacker forums, had been breached and data of 2,000 accounts leaked.
Since then, screenshots of posts about attacks on Verified, Dread, and Club2Crd have been circulating on underground forums, and the leaks has now been confirmed.
Dmitry Volkov, Group-IB CTO, believes the Swarmshop attack was an act of revenge.
