70,000 SSNs, 600,000 Credit Card Records Leaked After Stolen-Data Hub Gets Hacked

Image for article titled 70,000 SSNs, 600,000 Credit Card Records Leaked After Stolen-Data Hub Gets Hacked
Photo: DAMIEN MEYER/AFP (Getty Images)

Until recently, the carding store Swarmshop was a popular, illicit online market where cybercriminals could go to sell and purchase stolen credit card and banking data. However, the store’s luck may have run out—and it may have taken a little of your luck with it.


On March 17, a huge cache of the site’s user and administrator data was leaked online to a different underground forum, a new report published Thursday by threat research firm Group-IB shows.

While it’s unclear exactly who stole this data, how, or when, what we do know is that there is a lot of it. The leak exposed thousands of data points, including information on four of the site’s administrators, 90 “sellers,” and 12,250 “buyers.” The dump included criminals’ “nicknames, hashed passwords, account balance, and contact details for some entries,” the researchers write.

While you might be wondering, “So what? Why do I care that a hacker’s email address is now floating around the internet?” just know that it’s a little more complicated than that.

The leak also exposed the personal and banking information that the criminals had been trading—meaning that data on thousands of victims has also been leaked. The information is quite sensitive, and it includes 68,995 sets of U.S. Social Security numbers, as well as 623,036 payment card records, nearly 63% of which are from U.S. banks, according to Group-IB’s findings.

To help clarify what the stolen data dump entails, Group-IB put together a graphic that breaks down the compromised records by country. As you can see, a vast majority of them are from the U.S.

Image for article titled 70,000 SSNs, 600,000 Credit Card Records Leaked After Stolen-Data Hub Gets Hacked
Screenshot: Lucas Ropek/Group-IB

Granted, this data was already compromised—though the recent breach means it is now even more widely distributed than it already was. Instead of just being peddled to some individual buyer, it is now freely accessible to anyone who wants to download it.


“While underground forums get hacked from time to time, cardshop breaches do not happen very often,” Dmitry Volkov, Group-IB’s CTO, said in a statement. “In addition to buyers’ and sellers’ data, such breaches expose massive amounts of compromised payment and personal information of regular users.”

Though these incidents may be uncommon, cybercrime forums have actually been getting hacked a lot lately. Ongoing reports of sites getting hit have aroused the suspicion of criminals, some of whom see the handiwork of law enforcement at play. Attribution in these cases is pure speculation, however—so it’s currently impossible to say why an uptick like this might actually be happening.


In the case of Swarmshop, researchers seem to believe the attack is the work of another criminal. The site suffered a similar attack about a year ago, at which time data was also stolen. Regardless of who is responsible, researchers think the breach is likely to affect Swarmshop’s standing in the cybercrime community.

“This is a major reputation hit for the card shop as all the sellers lost their goods and personal data,” Volkov said. “The shop is unlikely to restore its status.”



Unspiek, Baron Bodissey wants to speak to the manager

Years ago, some SOB skimmed my card and tried it in an El Paso Sam’s for $20 (I think he was just testing). Fortunately for me the bank moved quickly and both blocked the card and notified me. Took months to recover my $20 but it was ok. I blame it on a convenience store with a drive-in window so you couldn’t really see what’s the guy or lady doing with your card.

I was lucky that lesson was cheap.