Data breach affects Carding Mafia, platform for credit card thieves

A recent update on the platform specializing in cybersecurity incidents and data breach Have I Been Pwned mentions that Carding Mafia, a forum for trading stolen credit cards. This incident has resulted in the exposure of around 300,000 user accounts.

This data breach would involve detailed information, including usernames, email and IP addresses, and hashed passwords for 297,744 user accounts. While this incident was revealed last Tuesday, the leak would have occurred about 10 days ago.

Despite constant updates posted by Have I Been Pwned, neither the Carding Mafia user forum nor its public Telegram channel displays information about this attack. Currently this platform has about 500 thousand users, so it is strange that an incident that would have affected so many people remains without being investigated.

Moreover Troy Hunt, principal operator and founder of Have I Been Pwned confirmed that the reports are legitimate and the leak involves completely real information. The researcher also mentioned that the database stored information from Mailinator, a disposable email service used by multiple cybercriminal communities.

It should be mentioned that a disposable email address is used to create accounts on online platforms without the need to enter a real address, so they are not reusable.

While other platforms or security firms have been unable to determine whether the leak is legitimate, a post on another hacking forum announces the sale of a stolen Carding Mafia database, which could confirm the incident.

This is another example of forums for malicious hackers that are affected by other cybercriminal groups. A couple of years ago, a group of hackers attributed the theft of a database owned by Darkode, one of the most important malicious hacking platforms, as well as a couple of attacks on OGUSERS, a forum in which users exchange stolen information to users of all kinds of social networks.

It remains unclear to the authorities what the objectives of these cyberattacks are among the cybercriminal community, although they point out the risks to affected users.

What do you think of hackers attacking other hackers? Do you think this is an additional risk to legitimate users? To learn more about information security risks, malware, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) website.