600K Payment Card Records Leaked After Swarmshop Breach

A leaked database also contains the nicknames, hashed passwords, contact details, and activity history of Swarmshop admins, sellers, and buyers.

A breach of Swarmshop, an online hub for selling stolen personal and payment records, has led to the exposure of more than 600,000 payment card numbers and nearly 70,000 sets of US Social Security numbers and Canadian Social Insurance numbers, Group-IB researchers report.

Group-IB calls Swarmshop a midsize “neighborhood” store for selling stolen records. The shop has been in operation since at least April 2019; by March 2021, it had more than 12,000 users and more than 600,000 payment card records for sale.

Researchers discovered data belonging to Swarmshop users leaked on March 17, 2021, when they found the information posted on a different underground forum. The leaked database contained the records of four shop admins, 90 sellers, and 12,250 buyers of stolen data, whose nicknames, hashed passwords, account balance, and, for some, contact details, were exposed.

The database also exposed a wealth of compromised and personal data traded on Swarmshop. It contained 623,036 payment card records, 62.7% of which were issued by US banks. Other records came from financial institutions in China (14.02%), the UK (3.24%), Canada (3.09%), France (3.07%), Singapore (1.6%), Brazil (1.32%), Saudi Arabia (0.99%), and Mexico (0.86%).

In addition to stolen payment cards, the database exposed 498 sets of online bank account credentials, 68,995 sets of US Social Security numbers, and 597 Canadian Social Insurance numbers.

Read the full Group-IB findings for more details.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Recommended Reading:

More Insights

Source

Next Post

Fraudsters Use HTML Legos to Evade Detection in Phishing Attack

Thu Apr 8 , 2021
Criminals stitch pieces of HTML together and hide them in JavaScript files, researchers report. Researchers with Trustwave SpiderLabs are warning of a phishing campaign that employs what it calls “HTML Lego” to deliver a fake login page. The phishing campaign is aimed at Microsoft 365 users and designed to mimic a Microsoft […]