The Swarmshop cyber-underground “card shop” has been hit by hackers, who lifted the site’s database of stolen payment-card data & leaked it online.
The database was subsequently leaked elsewhere, imperilling consumers from the US & worldwide.
That is according to researchers at Group-IB, who said that the database was posted on a rival underground forum.
Database in Question
Card shops are online cyber-criminal forums where stolen payment-card data is bought & sold. Researchers said the database in question contains 623,036 payment-card records from card-issuers in Brazil, Canada, China, France, Mexico, Saudi Arabia, Singapore, the UK & the US. Most of the card data (63%) came from the US.
The database also has 498 sets of online banking account credentials & 69,592 sets of US Social Security Numbers & Canadian Social Insurance Numbers, according to Group-IB.
Finally, there are 12,344 sets of data for card shop admins, sellers & buyers, including usernames, hashed passwords, contact details, sales activity & current balances, researchers observed.
The firm’s analysis of the database found that the information was new, judging by the latest user activity timestamps.
Multiple Successful Breaches
“Hackers have been hacking other hackers for decades. What better way to gain access to new hacking tools, dumps, cards, personally identifiable information (PII) & other items of value than hacking the people that are stealing it in the 1st place,” explained Tyler Shields, CMO at JupiterOne.
“It comes as no surprise that there have been multiple successful breaches against Swarmshop. Cyber-criminals have trouble with security just like everyone else. It just goes to show you that cyber-security is a difficult problem no matter who you are.”
Swarmshop is a mid-size, Russian-speaking “neighbourhood” store that has been operating since at least April 2019. According to Group-IB, the number of Swarmshop users is now 2.5x bigger than it was in Jan. 2020, with traded payment records increasing from 485,617 pieces to 623,036 last month.
In Mar., when it was hacked, the total amount deposited to buyer accounts was $18,145.73.
“Users of card shops do not store large amounts of money on their accounts & top up the balance to make payments if necessary,” explained the researchers, in a posting Thur. “The analysis showed that It’s fair to assume that card shop owners’ net profits have also grown exponentially.”
“While the source of the breach remains unclear, the exposed records show that 2 card shop users attempted to inject a malicious script searching for website vulnerabilities in the contact information field,” researchers stated. “It’s impossible to determine if the 2 events are connected to the breach.”
Swarmshop has been targeted by fellow cyber-criminals before: In Jan. 2020, someone claimed to be selling the Swarmshop user database & posted a screenshot allegedly from the card shop’s admin panel. It is unclear if the same perpetrators are at work in the latest incident.
“Although the source remains unknown, it must be one of those revenge hacks cases,” Group-IB researchers outlined. “This is a major reputation hit for the card shop as all the sellers lost their goods and personal data. The shop is unlikely to restore its status.”
Chris Morales, CISO at Netenrich, speculated that the hack could have been for glory.
“This once again demonstrates that all businesses have the same concern of compromise, both legal & illegal,” he explained. “Honour among thieves has always been a Hollywood myth. Above & beyond the normal for-profit attack motive we most often focus on, ego is still very much a motive too.”