Carding Mafia, a forum for stealing and trading credit cards has been hacked, exposing almost 300,000 user accounts, according to data breach notification service Have I Been Pwned.
The data breach allegedly exposed the email addresses, IP addresses, usernames, and hashed passwords of 297,744 users. Have I Been Pwned announced the data breach on Tuesday, saying the breach happened last week.
On the Carding Mafia forum and its public Telegram channel, however, there was no sign that its users have been warned. Carding Mafia has more than 500,000 users, according to the forum's own statistics. The site administrator did not immediately respond to an email asking for comment.
Troy Hunt, the founder of Have I Been Pwned, told Motherboard that he was able to confirm the hacked database is legitimate. Hunt said that he noticed in the database that there were Mailinator email addresses, a service that allows anyone to create throwaway email addresses. Hunt said that he then inserted those addresses in the forum, using the Forgot Password feature, and he saw that those emails are recognized as valid emails. Usually Mailinator email addresses are created for one purpose and are not reused; the fact that these addresses are contained in the data dump and are also recognized by the forum suggests that the data is legitimate.
Do you have information on this data breach or other data breaches? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at firstname.lastname@example.org, or email email@example.com
Motherboard can confirm that the forum says "you have not entered an email address that we recognize" when trying to use the Forgot Password feature with an email that we have not used to register on the forum.
"Another 'hacker hacking hackers' story," Hunt said.
Motherboard has not seen the data, and we are unable to independently confirm the breach.
On another hacking forum, a user was advertising the data allegedly stolen from Carding Mafia on January 27 of this year.
This is the latest example of forums that cater to hackers or cybercriminals getting hacked. In 2017, hackers stole the database of a hacking forum called Darkode right after it opened. The infamous OGUSERS forum, where people traded stolen Instagram and other social media accounts, has been hacked twice, in 2019, and 2020. More recently, security journalist Brian Krebs reported that three of the most important Russian-language cybercrime forums have been hacked over the span of three weeks.
In all of these cases, the hacked user information can be used to link pseudonymous users across different forums. Law enforcement agencies could also use the stolen data to try to identify criminals hiding behind those nicknames.
Subscribe to our cybersecurity podcast CYBER, here.