623,000 payment cards stolen from Swarmshop, an underground community of hackers

April 15, 2021

Breaking news in the underground cyber community is the latest hacking incident that Swarmshop recently suffered at the hands of an unknown adversary. Swarmshop has been active in the underground since April 2019 and had suffered a known breach in January 2020. The latest is this March. Swarmshop is an underground community that specializes in stealing the details of cards that have been used for online purchases. Its membership is said to have grown drastically, 2.5 times since it started. The group can extract details from its victims, including personally identifiable information (PII), card numbers, account details, and CVVs. The stolen data is sold among community members, who use it for other malicious activity, such as card duplication or direct online purchases by the buyer.

The data recently stolen from Swarmshop is said to comprise over 623 thousand records, including information on the site administrators, sellers, and buyers: account details and hashed passwords in the community. The stolen card details have been traced to banks in different countries around the globe that issued the cards to their customers; 63 per cent of the total list are financial institutions from the United States.

Based on the in-depth investigation by the cybersecurity experts who exposed the breach, the alleged intrusion was most likely carried out by a newer member of the Swarmshop community. These users tried to inject malicious code to search for vulnerabilities and extract information from the site database. The site administrators have not yet confirmed this; they have only issued an official statement that the recently hacked data is the same information that was stolen in the January 2020 attack. Since then, they have already asked their members to change their passwords immediately to prevent further abuse. However, the information extracted from the database URL posted by the hacker is new, judging by the latest activity and card usage details it contains.

News of a hacker being hacked in the underground community is not new at all. Different adversaries have already reported this kind of activity against their respective forums or shops. It only shows that no person or business is immune to a breach. The security that hackers put in place is also vulnerable to other hackers, even when they specialize in breaching security and have been proactive in preventing such cases. Swarmshop has now recorded its third time as the victim of one hacker hacking another. Moreover, such incidents in the underground community have mostly been attributed to profit or money. Often, the attack is also an act of revenge or a way to boost the ego of these adversaries, to show off their capability and to run down the emerging adversaries they compete with.

This is a dreaded reality that cybersecurity experts should learn from. They should be more proactive in devising a defence and mitigation plan for possible intrusions, especially given how rampant cybercrime is today.
