Not a week goes by anymore, it seems like, when we don’t have multiple hacks to report on, as well as a fresh data breach or systems intrusion on the part of attackers constantly probing for weaknesses anywhere that consumer records are stored.
Many of these episodes garner headlines simply because of the scale of the data breach and the target of the attack. Facebook is one example of this, as the social network is still facing an onslaught of criticism online over the revelation from this past weekend that the company has suffered yet another embarrassingly massive data leak — encompassing personal information from more than 533 million Facebook users across 106 countries. Meantime, hackers themselves are also getting hacked, as word of a separate breach at a hub for stolen data has also just been reported.
Threat research firm Group-IB posted a report on Thursday documenting how Swarmshop — described as a “neighborhood” store for stolen personal and payment records, such as credit card data — saw a major cache of its user and administrator data leaked online to another underground hacker forum. Appropriately, the title of the Group-IB report summarizing what happened here is “What Goes Around Comes Around,” but make no mistake — there’s just as good of a chance that your data may be caught up in this as there is that hackers acquired stolen data on other hackers.
According to the report on this hack, the Swarmshop database that was posted on a different underground forum contained 12,344 records of the card shop administrators, sellers, and buyers. That’s per a Twitter thread from Group-IB, which goes on to note that this database also “exposed all compromised data traded on the website, including 623,036 payment card records, 498 sets of online banking account credentials and 69,592 sets of US Social Security Numbers and Canadian Social Insurance Numbers.”
👥Group-IB discovered that user data of the Swarmshop card shop have been leaked online. The database was posted on a different underground forum and contained 12,344 records of the card shop admins, sellers and buyers 👇#GroupIB #GIB_News #GIB_TIA #cardshop #cybersecurity
— Group-IB Global (@GroupIB_GIB) April 8, 2021
Given the nature of the treasure trove of data that Swarmshop represents, it should probably come as no surprise that this is also not the first time that the stolen data hub has found itself in the crosshairs of other cybercriminals. In January 2020, the site’s records were leaked on an underground forum, reportedly by a user motivated by revenge. Meantime, here’s what else we know about this new hack — the data dump included records on more than 623,000 payment cards, almost 63% of which were issued by US banks.
“While underground forums get hacked from time to time, cardshop breaches do not happen very often,” Group-IB CTO Dmitry Volkov said. “In addition to buyers’ and sellers’ data, such breaches expose massive amounts of compromised payment and personal information of regular users. Although the source remains unknown, it must be one of those revenge hacks cases. This is a major reputation hit for the card shop as all the sellers lost their goods and personal data. The shop is unlikely to restore its status.”