According to Group-IB, a database containing stolen payment cards has been hit by hackers, who were able to lift the information off of the Swarmshop cyber-underground card market. The hackers leaked the information online, putting consumers in the US and across globe at risk for identity fraud, theft, and other attacks. The entity that stole the payment card details from Swarmshop appears to be engaged in a rivalry as the database was posted on an alternative underground forum. Card shops like Swarmshop advertise stolen payment card data.
The database involved in the leak contains 623,038 payment card records from Brazil, Canada, China, France, Mexico, Saudi Arabia, Singapore, the UK, and the US. Most of the victims are located in the United States, according to Group-IB. The database also contains sets of online banking credentials and 69,592 US Social Security numbers and Canadian Social Insurance numbers, which could be used to conduct sophisticated attacks such as phishing, social engineering, identity theft, and identity fraud. Other information exposed in the hack includes 12,344 sets of data pertaining to card shop admins, sellers, and buyers, including usernames, hashed passwords, contact details, sales activity, and current balances.