In another example of there being no honor among thieves, a major forum that deals with stolen credit cards has been hacked and the details of almost 300,000 users stolen and published online.

The forum, called Carding Mafia, operates on the regular internet and offers various forums discussing how to hack and steal credit cards, along with hacking tools, stolen credit numbers, bank account details and PayPal accounts.

The hack was first discovered March 23 by data breach notification site Have I Been Pwned, which noted that the breach was detected March 18. The exposed details included usernames, email addresses, IP addresses and passwords stored as salted MD5 hashes.

According to Vice, the stolen data was being advertising for free on another hacking forum Jan. 27, suggesting that the theft of user data dates back at least several months. Along with offering the details of 290,000 users, the ad also offers 660,000 posts and 130,000 threads in a database totaling 990 gigabytes.

This is not the first time a hacking forum has itself been hacked. Stolen credentials forum OGUsers was hacked in May 2019 and then again in December, with user data stolen.

“Most of the compromised accounts have fake data and IPs from anonymous VPNs or proxies that are not likely to bring much actionable evidence to law enforcement agencies for investigation,” Ilia Kolochenko, founder and chief executive of web security company ImmuniWeb, told SiliconANGLE. “Even the Western law enforcement agencies are currently underequipped to investigate and prosecute cybercrime on a large scale, and will probably not initiate investigatory operations after the leak.”

On the other hand, he added, private messages can be a treasure trove. “Many beginners carelessly expose sensitive technical, personal and other details there,” Kolochenko explained. “Even a simple analysis of the unencrypted messages can paint a broad picture of the underground marketplace and shed light on the true identities of wrongdoers and their clients. Cybercriminals will probably not exploit the stolen information in an aggressive manner except for some rival gangs aiming to stiff competition.”

Image: Richard Patterson/Flickr