Researchers at Group-IB reported a new dump shared in an underground forum belonging to Swarmshop, a carding data portal. The data leaked has over 12,000 records of Swarmshop users and admins, containing their names, hashed passwords, contact details, and active histories. Further, it contained over 623K card details and banking credentials sold in Swarmshop.
Swarmshop Data Leak
Started in mid-2019, Swarmshop is a fairly popular underground marketplace for buying and selling stolen card data. In March this year, the marketplace has reached over 12,000 users mark and has over 623K payment cards being traded on its platform.
The marketplace got hacked in January last year and resulted in its users’ leaking data. This triggered the admins to advise users about changing passwords and remaining secure. But, it now seems to be hacked again, as a person from an underground forum has shared a URL to Swarmshop’s dump.
Group-IB verified this from the latest attack since the timestamps of users’ activities from the shared dump revealed recent transactions. The dump consisted of 623,036 payment card data traded on Swarmshop, issued by various banks in France, Brazil, U.S., Canada, U.K., China, Singapore, Saudi Arabia, and Mexico.
Also, the researchers have found “498 sets of online banking account credentials and 69,592 sets of US Social Security Numbers and Canadian Social Insurance Numbers.” Alongside, the dump also included about 12,344 records belonging to Swarmshop that contained nicknames, hashed passwords, account balance, and contact details for some entries of Swarmshop users and admins.
The person who shared this dump hasn’t revealed his intent but just posted with a title and URL. May 2021 is worst for underground forums, as we’re seeing a lot of such underground forums being hacked or shut down like Joker’s Stash recently.