Hackers are targeting other hackers once again. This time, the details of user data and more than 600,000 credit cards from the darknet payment card marketplace Swarmshop were stolen and then posted on a rival underground forum.

First reported by Threat Intelligence Analyst Sergei Kokurin from threat Group-IB Group Pvt. Ltd. under the apt heading of “when karma comes back,” the data stolen from Smarmshop was leaked online March 17. It’s described as a likely revenge attack.

The data included 12,334 records of Swarmshop administrators, sellers and buyers. It included nicknames, hashed passwords, contact details, history of activity and current along with 623,036 payment card details, 498 sets of online banking accounts details and 69,592 sets of Social Security numbers and Canadian Social Insurance numbers.

Nearly 63% of the stolen credit card data related to U.S. banks, while other records came from financial institutions in China, at about 14%, and the U.K., Canada, France, Singapore, Brazil, Saudi Arabia and Mexico, all in the single digits apiece.

The report noted that though underground hacker forums get hacked from time to time, card shop breaches do not happen very often. That Swarmshop was hacked and not for the first time may be fatal for it. Kokurin said the hack is a major reputation hit because the sellers have lost their goods and personal data and, as a consequence, Swarmshop is unlikely to return.

“What better way to gain access to new hacking tools, dumps, cards, personally identifiable information and other items of value than hacking the people that are stealing it in the first place,” Tyler Shields, chief marketing officer at cyber asset infrastructure management company JupiterOne Inc., told SiliconANGLE. “It comes as no surprise that there have been multiple successful breaches against Swarmshop. Cybercriminals have trouble with security just like everyone else. It just goes to show you that cybersecurity is a difficult problem no matter who you are.”

Naveen Sunkavally, chief architect at pentesting firm Horizon3.AI Inc., noted that the breach show that no one is immune from cyberattacks, including cybercriminals themselves.

“What’s most concerning is the proliferation of user credit card information and online banking credentials,” Sunkavally added. “Attackers don’t need to hack in using zero-days like in the movies; often they can just log in with credentials they’ve stolen from efforts like this.”

Image: Group-IB