70,000 SSNs, 600,000 Credit Card Records Leaked After Stolen-Data Hub Gets Hacked

Photo: DAMIEN MEYER/AFP, Getty Images

Until recently, the carding store Swarmshop was a popular, illicit online market where cybercriminals could go to sell and purchase stolen credit card and banking data. However, the store’s luck may have run out — and it may have taken a little of your luck with it.

On March 17, a huge cache of the site’s user and administrator data was leaked online to a different underground forum, a new report published Thursday by threat research firm Group-IB shows.

While it’s unclear exactly who stole this data, how, or when, what we do know is that there is a lot of it. The leak exposed thousands of data points, including information on four of the site’s administrators, 90 “sellers,” and 12,250 “buyers.” The dump included criminals’ “nicknames, hashed passwords, account balance, and contact details for some entries,” the researchers write.


While you might be wondering, “So what? Why do I care that a hacker’s email address is now floating around the internet?” just know that it’s a little more complicated than that.

The leak also exposed the personal and banking information that the criminals had been trading — meaning that data on thousands of victims has also been leaked. The information is quite sensitive, and it includes 68,995 sets of U.S. Social Security numbers, as well as 623,036 payment card records, nearly 63% of which are from U.S. banks, according to Group-IB’s findings.

To help clarify what the stolen data dump entails, Group-IB put together a graphic that breaks down the compromised records by country. As you can see, a vast majority of them are from the U.S.

Screenshot: Lucas Ropek/Group-IB

Granted, this data was already compromised — though the recent breach means it is now even more widely distributed than it already was. Instead of just being peddled to some individual buyer, it is now freely accessible to anyone who wants to download it.

“While underground forums get hacked from time to time, cardshop breaches do not happen very often,” Dmitry Volkov, Group-IB’s CTO, said in a statement. “In addition to buyers’ and sellers’ data, such breaches expose massive amounts of compromised payment and personal information of regular users.”

While these incidents may be uncommon, cybercrime forums have actually been getting hacked a lot lately. Ongoing reports of sites getting hit have aroused the suspicion of criminals, some of whom see the handiwork of law enforcement at play. Attribution in these cases is pure speculation, however — so it’s currently impossible to say why an uptick like this might actually be happening.

In the case of Swarmshop, researchers seem to believe the attack is the work of another criminal. The site suffered a similar attack about a year ago, at which time data was also stolen. Regardless of who is responsible, researchers think the breach is likely to affect Swarmshop’s standing in the cybercrime community.

“This is a major reputation hit for the card shop as all the sellers lost their goods and personal data,” Volkov said. “The shop is unlikely to restore its status.”