Leak Aggregator Have I Been Pwned (HIBP) This Week discovered that the data of users of the well-known carding forum Carding Mafia got into the network.
Apparently, the forum was hacked, and as a result, information about 297,744 users was leaked to the public (the total user base of the forum is about 500,000 people). According to HIBP, the dump includes email addresses, IP addresses, usernames and hashed passwords (MD5).
Interestingly, on the Carding Mafia forum itself and its Telegram channel, there have not yet been any reports of compromise and possible data leakage. When journalists of Vice Motherboard tried to contact the site administration, they were not answered.
The founder of Have I Been Pwned, Troy Hunt, told the publication that he was able to confirm the authenticity of the dump. So, the specialist noticed in the leaked database of email addresses Mailinator, a service that allows anyone to create disposable mailboxes. Hunt used these addresses on the forum using the “I forgot my password” feature, and the addresses turned out to be familiar to Carding Mafia, that is, they were previously used to create accounts on the forum.
“Another story about how hackers hack hackers,” Hunt commented.
Journalists, however, note that in January of this year, another hacker forum has already published data allegedly stolen from Carding Mafia. That is, the leak could probably have occurred even then.