No honor among thieves: Scammers target stolen credit card hubs

Swarmshop and Carding Mafia were victimized in March.
This illustration picture shows debit and credit cards arranged on a desk on April 6, 2020 in Arlington, Virginia. (Photo by Olivier DOULIERY / AFP) (Photo by OLIVIER DOULIERY/AFP via Getty Images)

Two online hubs for stolen credit cards found themselves on the receiving end of hack-and-leak operations last month.

User data from the card store Swarmshop was posted to a different underground forum on March 17, exposing hundreds of thousands of compromised payment card records, security vendor Group-IB said in a report out Thursday.

That follows news from last month that another forum, Carding Mafia, had been hacked, also exposing hundreds of thousands of user accounts.

Word of the nefarious activity only is the latest drama to emerge from the cybercriminal underground. Another notorious forum, Joker’s Stash, recently shut down after attention from global law enforcement officials. In an unrelated case, a Russian man pleaded guilty in January to running an illicit hosting service meant to further fraud schemes.


In the case of Swarmshop, it’s also actually the second time cybercriminals have targeted it.

“While the source of the breach remains unclear, the exposed records show that two card shop users attempted to inject a malicious script searching for website vulnerabilities in the contact information field,” Group-IB found. “It’s impossible to determine if the two events are connected to the breach.”

In all, the incident exposed 623,036 payment card records from banks in Brazil, Canada, China, France, Mexico, Saudi Arabia, Singapore, the U.K. and the U.S. The vast majority, nearly 63%, were from the U.S.

It also exposed 498 sets of online banking account credentials and 69,592 U.S. Social Security numbers and Canadian Social Insurance numbers, according to Group-IB.

The posted database also contained personal records of 12,344 card shop administrators, sellers and buyers, including their hashed passwords and current balances.


Group-IB’s chief technology officer, Dmitry Volkov, said the incident was likely to do severe damage to Swarmshop’s reputation.

“While underground forums get hacked from time to time, cardshop breaches do not happen very often,” Volkov said in a statement. “In addition to buyers’ and sellers’ data, such breaches expose massive amounts of compromised payment and personal information of regular users.”

Carding Mafia is one such underground forum hit by hackers recently. Breach notification service Have I Been Pwned confirmed that a hack exposed 300,000 user accounts there last month.

Latest Podcasts