The details of the Swarmshop Darknet payment card market have been removed for the second time in two years and published on a competing underground website. The breach includes all of Swarmshop's records and all the data exchanged on the platform with the stolen credit card. 

Group-IB, the global threat chasing business, has detected that Swarmshop credit card shop consumer data was leaked on the internet on 17 March 2021. As per the Group IB, details of 623,036 bank cards provided by banks in the US, Canada, United Kingdom, China, Singapore, France, Brazil, Saudi Arabia, and Mexico have been dumped into the Swarmshop dump. 

Though recently, Swarmshop Carding Store seems to have been a common, illegal digital shopping market where cybercriminals were permitted to sell and buy stolen card and banking information. However, it remains unclear as to who has extracted this information, or how and when. The leak revealed massive amounts of data comprising data on four website operators, 90 sellers, and 12,250 purchasers. The researchers have written, "The dump included criminals' nicknames, hashed passwords and account balance and contact details for some entries.” 

The researchers also found that “498 sets of online banking account credentials and 69,592 sets of US Social Security Numbers and Canadian Social Insurance Numbers.” 

The one who breached Swarmshop did not warn the hacker and only sent a message with a connection to the database. At first, the administrators of the Card Shop claimed that the information was linked to a prior breach of the platform by a hacker in January 2020. However, their passwords were requested to be modified. Group-IB reviewed the current dump and found it fresh based on the most recent timestamps for user operation. 

“While underground forums get hacked from time to time, card shop breaches do not happen very often,” Dmitry Volkov, Group-IB’s CTO, said in a statement. “In addition to buyers’ and sellers’ data, such breaches expose massive amounts of compromised payment and personal information of regular users.” 

For decades, hackers have hacked other hackers. It seems quite simple for them to gain access to new hacking instruments, dumps, cards, PII, and value products than to hack people who steal them first of all. It is not surprising that Swarmshop has been successfully breached several times. Like everybody else, cybercriminals have security problems. It only shows that cybersecurity is a hard issue regardless of who you are. 

In Swarmshop's case, researchers seem to think that the attack is yet another criminal's business. About one year ago, a set of information has also been compromised. The site underwent a similar attack. No matter who is responsible, researchers believe that the breach would affect Swarmshop's position on cybercrime.