fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Over 600,000 Stolen Credit Cards Leaked After Swarmshop Hack

Over 600,000 Stolen Credit Cards Leaked After Swarmshop Hack

The hacking spree targeting underground marketplaces has claimed another victim as a database from card shop Swarmshop emerged on another forum.

By the looks of it, the leak contains the records of the entire Swarmshop community along with all the stolen card data traded on the forum.

Full data dump

Details about the hack remain unknown but the leak exposes 12,344 records with nicknames, hashed passwords, contact details, activity history of Swarmshop administrators, sellers, and buyers.

Researchers at cybersecurity company Group-IB discovered that the leak occurred on March 17, a day before Carding Mafia suffered a breach that exposed email addresses of close to 300,000 members.

According to Group-IB, the Swarmshop dump includes details from 623,036 payment cards issued by banks in the U.S., Canada, U.K., China, Singapore, France, Brazil, Saudi Arabia, and Mexico.

The researchers also found “498 sets of online banking account credentials and 69,592 sets of US Social Security Numbers and Canadian Social Insurance Numbers.”

Whoever breached Swarmshop did not give any information about the hack and just dropped a message with a link to the database.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

Initially, the card shop administrators argued that the data was from a previous breach in January 2020, when a hacker tried to sell the forum’s user database. Members were asked to change their passwords, though.

Group-IB analyzed the latest dump and determined that it was new, based on the most recent user activity timestamps.

“In total, the databased revealed the records of 4 cardshop admins, 90 sellers, and 12,250 buyers of stolen data, including their nicknames, hashed passwords, account balance, and contact details for some entries” – Group-IB

Swarmshop is a relatively new carding forum operating since at least April 2019. By March 2021, it attracted more than 12,000 users and had data from over 600,000 payment cards on sale.

Not an isolated incident

March seems to have been a bad month for underground forums, Swarmshop being the third one hacked in this timeframe.

At the beginning of the month, BleepingComputer reported that Maza (or Mazafuka) – one of the oldest Russian-speaking hacker forums – had been attacked and had its member data leaked.

Since the beginning of the year, other communities in the same business had the same fate. The person tipping us about Maza also shared screenshots of posts about attacks on Verified, Dread, and Club2Crd.

On February 15, the Verified administration lost control of the site to unknown operators who had exploited a vulnerability.

A day later, a super-moderator of Club2Crd announced that their account had been hijacked to scam forum members and steal their money.

The same month, Dread was the target of multiple attacks, and the administrator forced new security measures to prevent further disruptions.

Also Read: 5 Common Sections In An Agreement Form Example

Dmitry Volkov, Group-IB CTO, says that card shop breaches are uncommon. With Swarmshop, the assumption is that it was the target of a revenge hack that caused all sellers to lose their goods and personal data.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us