600K Payment Card Records Leaked After Swarmshop Breach600K Payment Card Records Leaked After Swarmshop Breach
A leaked database also contains the nicknames, hashed passwords, contact details, and activity history of Swarmshop admins, sellers, and buyers.
April 9, 2021
A breach of Swarmshop, an online hub for selling stolen personal and payment records, has led to the exposure of more than 600,000 payment card numbers and nearly 70,000 sets of US Social Security numbers and Canadian Social Insurance numbers, Group-IB researchers report.
Group-IB calls Swarmshop a midsize "neighborhood" store for selling stolen records. The shop has been in operation since at least April 2019; by March 2021, it had more than 12,000 users and more than 600,000 payment card records for sale.
Researchers discovered data belonging to Swarmshop users leaked on March 17, 2021, when they found the information posted on a different underground forum. The leaked database contained the records of four shop admins, 90 sellers, and 12,250 buyers of stolen data, whose nicknames, hashed passwords, account balance, and, for some, contact details, were exposed.
The database also exposed a wealth of compromised and personal data traded on Swarmshop. It contained 623,036 payment card records, 62.7% of which were issued by US banks. Other records came from financial institutions in China (14.02%), the UK (3.24%), Canada (3.09%), France (3.07%), Singapore (1.6%), Brazil (1.32%), Saudi Arabia (0.99%), and Mexico (0.86%).
In addition to stolen payment cards, the database exposed 498 sets of online bank account credentials, 68,995 sets of US Social Security numbers, and 597 Canadian Social Insurance numbers.
Read the full Group-IB findings for more details.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023