On March 17, user data from the Swarmshop card shop – which trades in stolen personal and payment information – was leaked online and posted on a separate underground website, according to Group-IB researchers. The forum included 12,344 records of the card shop admininstrators, sellers, and buyers.
The victims’ nicknames, hashed passwords, contact information, history of operation, and current balance were also included in the leaked data. All compromised data exchanged on the website was also revealed in the database:
Banks from the United States, Canada, the United Kingdom, China, Singapore, France, Brazil, Saudi Arabia, and Mexico released 623,036 payment card records. There were also 498 sets of online banking credentials, as well as 69,592 sets of US and Canadian social security numbers.
While the cause of the intrusion is unknown, the researchers say the exposed records reveal that two card shop users attempted to insert a malicious script into the contact information field in order to look for website vulnerabilities. According to the Group-IB study, determining if the two incidents are linked to the violation is impossible.
Swarmshop has been in operation since at least April 2019, according to Group-IB analysts, and by March 2021, it had a user base of over 12,000 users and over 600,000 payment card records for sale. By March 2021, the total amount deposited on all the accounts was $18,145.73, a low figure because card shop customers don’t want to keep huge amounts on their accounts and instead top up the balance to make payments as required.