Hackers leak data from dark web marketplace

Over 600,000 payment card records and 12,000 user records leaked

Security researchers have discovered that hackers have attacked Swarmshop, a dark web marketplace specializing in selling stolen payment card information, and leaked over 600,000 payment card records.

According to a new report by cyber security firm Group-IB, the leak contained virtually all of Swarmshop’s user data. Researchers believe the leak initially occurred on March 17.

The leak exposed 12,344 records, including the card shop’s admins, sellers, and buyers. The leaked data included nicknames, hashed passwords, contact details, activity history, and current balance. 

The database also exposed all compromised data traded on the website, including 623,036 payment card records issued by the banks from the US, Canada, UK, China, Singapore, France, Brazil, Saudi Arabia, and Mexico, 498 sets of online banking account credentials, and 69,592 sets of US Social Security Numbers and Canadian Social Insurance Numbers leaked too.

Swarmshop has been in operation since at least April 2019. By March 2021, it had over 12,000 users and over 600,000 payment card records for sale. Group-IB said the total amount deposited on all the accounts was at $18,145.73 by March 2021.

Hackers who breached the site didn’t divulge how the hack happened. Instead, they posted a message with a link to the database. However, one clue showed that two card shop users attempted to inject a malicious script searching for website vulnerabilities in the contact information field.

“It’s impossible to determine if the two events are connected to the breach,” said researchers.

Researchers said this isn’t the first time cyber criminals have targeted Swarmshop. In January, hackers leaked the card shop’s records on an underground forum.

They added that the hacker was likely motivated by revenge and wanted to sell the Swarmshop user database. The hacker also posted a screenshot allegedly from the card shop’s admin panel.

Dmitry Volkov, Group-IB CTO, said that while underground forums get hacked from time to time, card shop breaches do not happen very often. 

“In addition to buyers’ and sellers’ data, such breaches expose massive amounts of compromised payment and personal information of regular users,” he said. “Although the source remains unknown, it must be one of those revenge hacks cases. This is a major reputation hit for the card shop as all the sellers lost their goods and personal data. The shop is unlikely to restore its status.”

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Chipotle’s marketing email hacked to send phishing emails
phishing

Chipotle’s marketing email hacked to send phishing emails

29 Jul 2021
Colonial Pipeline hack spurred copycat attacks on other oil and gas companies
hacking

Colonial Pipeline hack spurred copycat attacks on other oil and gas companies

29 Jul 2021
Dark web ads offering access to corporate networks increase sevenfold
hacking

Dark web ads offering access to corporate networks increase sevenfold

28 Jul 2021
Number of hacking tools increasing as cyber criminals become more organized
hacking

Number of hacking tools increasing as cyber criminals become more organized

28 Jul 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021