Hackers Compromised a Popular Carding Site Exposing 300,000 User Account Details

According to Have we Been Pwned, Carding Mafia, a forum for stealing and trading credit cards, has been hacked, exposing 300,000 user accounts.

However, Motherboard suggests that the credit label hacking forum operators have not told their users estimated to be about 500,000.

Unlike a carding site that offers stolen information to cybercriminals, Have we Been Pwned use allows users to establish if their login information was leaked in any information breach.

Carding site exposes cybercriminals’ emails and IP addresses

The data crack on Card Mafia exposed email addresses, hashed passwords, usernames, and IP addresses of 297,744 carding site users.

Troy Hunt, a owner of Have we Been Pwned reliable a flawlessness of the stolen data. Hunt pronounced that a carding site famous leaked email addresses by a “forgot password” feature, though unsuccessful when pointless email addresses were used.

The carding site warned that “you have not entered an email residence that we recognize” when pointless emails were entered, according to Motherboard.

Similarly, a hacker flush on another renouned hacking forum promotion information stolen from a bootleg carding site.

According to screenshots common by Motherboard, a database allegedly stolen from a carding site was 990 GB in distance containing 660,000 posts and 130,000 threads. The purported hacker charity a database for giveaway by his private messaging inbox.

A few months ago, researchers found that many cybercrime exchange were changeable to private messaging apps to equivocate alerting authorities and confidence researchers who customarily advise a compromised organizations.

It’s not odd for hackers to dispose of stolen information for giveaway to acquire “street cred” or repute on renouned hacking forums. They can gain on this repute to ask remuneration for data, and even direct reward prices.

Reputation is a absolute apparatus in a subterraneous markets such that a few hazard actors have dominated a markets by formulating a plain repute over a years. Thus, different hackers find it formidable to sell stolen information exclusively and review to regulating information brokers and interruption with inexhaustible commissions.

Hacker on hacker crime is prevalent on subterraneous hacking forums

Three tip Russian hacking forums were recently hacked within 3 weeks, according to a confidence journalist, Brian Krebs.

Similarly, Darknode was hacked in 2017 immediately after launching, while OGUSERS was compromised twice in 2019 and 2020.

Hacker on hacker cybercrime is a renouned process of gloomy foe from opposition gangs charity identical services. It could also be an easy approach to obtain gigabytes of stolen information for giveaway or urge a hacker’s reputation.

However, it increases a risk on a victims when their information falls in a hands of some-more criminals. Contrarily, it could lead to a detain of cybercriminals by tracing their IP and email addresses.

Although IP information could concede law coercion agencies to establish a cybercriminals’ location information, many hackers use VPN services to censor their genuine internet addresses. Additionally, hackers use untraceable email addresses from providers such as Mailinator to register on hacking sites. However, beginner hackers are expected to error by logging in regulating their genuine IP addresses or induction on a carding hacking sites regulating genuine email addresses.

Unfortunately, a cost and resources compulsory to track, arrest, and prosecute cyber criminals tumble over governments’ abilities.

Commenting on a concede of a bootleg carding site, Ilia Kolochenko, Founder and Chief Architect during ImmuniWeb, says: “Most of a compromised accounts have feign information and IPs from unknown VPNs or proxies that are not expected to move most actionable justification to law coercion agencies for investigation. Moreover, even a Western law coercion agencies are now underequipped to examine and prosecute cybercrime on a vast scale, and will substantially not trigger investigatory operations after a leak.”

However, he suggests that a stolen information, generally a private messages, could be useful if delicately analyzed.

“Many beginners weakly display supportive technical, personal and other sum there. Even a elementary research of a unencrypted messages can paint a extended design of a subterraneous marketplace and strew light on a loyal identities of wrongdoers and their clients. Cybercriminals will substantially not feat a stolen information in an assertive demeanour solely for some opposition gangs aiming to unbending competition.”

Kolochenko suggests that a crack originated from a zero-day disadvantage on a program used to build a carding site.

“It would be engaging to learn about a origins of a hack, though mostly it will have stemmed from a 0day in forum web software, compromised admin’s machine, or maybe even a cue reuse attack. We will substantially not get a debate news and might only observe how a conditions develops.”


Back to Top